cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Exclusive: Aussie rare-earth metals producer Northern Minerals confirms ransomware attack

The Bian Lian ransomware gang claims to have more than a terabyte of data belonging to the operators of the Browns Range mine in Western Australia.

user icon David Hollingworth
Tue, 04 Jun 2024
Exclusive: Aussie rare-earth metals producer Northern Minerals confirms ransomware attack
expand image

The operators of a strategically important rare-earth mine in Western Australia have been listed as one of the most recent victims of the Bian Lian ransomware operation.

The Bian Lian ransomware gang listed Northern Minerals on its darknet leak site overnight and shared a raft of stolen documents as evidence of the hack.

According to Bian Lian, the data includes:

  • Operational data
  • Strategical data: potential projects, geological and mining researches [sic] in various countries, data on research of competitors
  • R&D data
  • Financial data
  • Employees personal data
  • Corporate email archives, including Nick Curtis and Shane Hartwig
  • Data on shareholders and potential investors

Bian Lian also shared the emails of the company’s executive chairman and chief financial officer, as well as the CFO’s mobile phone. The documents that have already been shared, however, are troubling enough.

The gang has shared hundreds of archived 7-zip folders. Some files appear to be files from the chief operating officer’s personal drive, while others are extensive HR files and files called “potential projects”. Other archives contain “management data” and another site appears to be an extensive list of email archives.

The HR files are particularly problematic, as despite being listed as “limited”, the file tree document still contains scans of dozens of employee passports, alongside details of medicals, travel requests, training and certification details, and even police clearance documents.

When contacted for comment, Northern Minerals supplied its statement to the Australian Stock Exchange, which was made while this article was being written.

“Northern Minerals Limited (ASX: NTU) (Northern Minerals or company) advises that it has been the subject of a cyber security breach and was today advised by its cyber security consultant that some of the exfiltrated data has now been released on the dark web,” Northern Minerals said in its ASX filing.

“Northern Minerals became aware in late March 2024 of the breach. In line with the company’s governance practices and protocols, Northern Minerals immediately notified external stakeholders, including the Australian Cyber Security Centre and the Office of the Australian Information Commissioner. In addition, the company [has] engaged appropriate legal, technical and cyber security specialists to assist with the process.

“The exfiltrated data included corporate, operational and financial information and some details relating to current and former personnel and some shareholder information. The process of notifying relevant impacted individuals is underway and ongoing.”

The company said it is not expecting any material impact from the data breach. The company “has reviewed its processes” and will provide further updates as appropriate.

Northern Minerals made headlines this week after the federal treasurer called on five international firms with links to China to divest their shares in the company – which total 10.4 per cent of Northern Minerals issued capital – “to protect our national interest”.

“Australia operates a robust and non-discriminatory foreign investment framework, and will take further action if required to protect our national interest in relation to this matter,” it said.

Responding to news of the hack, LNP Senator James Paterson called it a “serious report”.

“A very serious report, which if confirmed to be sponsored by a state actor, warrants a very robust response,” Senator Paterson said in a post on X.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.