Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web.
Northern Minerals is an Australian company focused on the exploration and development of heavy rare earth elements (HRE), specifically dysprosium and terbium, used in electronics, batteries, and aircraft.
It is considered of critical strategic importance for the Australian government, as evidenced by a recent call to Chinese shareholders to offload their shares in the rare earth miner.
The firm is publicly traded on the Australian Securities Exchange (ASX) under the ticker ‘NTU,’ so it is legally obliged to disclose any data breach incidents promptly.
The firm disclosed today, without naming the perpetrators, that data had been stolen from its systems in late March 2024 and subsequently published on the dark web.
“Northern Minerals Limited advises that it has been the subject of a cyber security breach and was today advised by its cyber security consultant that some of the exfiltrated data has now been released on the dark web,” reads the ASX announcement.
“The exfiltrated data included corporate, operational and financial information and some details relating to current and former personnel and some shareholder information,” continues the announcement.
The company says it informed the Australian Cyber Security Centre and the Office of the Australian Information Commissioner accordingly, while impacted individuals will also be informed via personalized notices.
Northern Minerals notes that this incident does not impact its mining or business operations.
BianLian claims the attack
Yesterday, the BianLian ransomware group claimed responsibility for the attack by adding Northern Minerals to its extortion page on the dark web.
The cybercriminals, who have started to move towards data-theft-based extortion over ransomware, published the following data:
- Operational details
- Australian and foreign projects’ documents
- Research and development data
- Financial information
- Personal data of employees
- Data of shareholders and potential investors
- Email archives of Northern Minerals’ chairman and those of the executive director and CFO
The full publication of the stolen data indicates that the company refused to pay a ransom demand.
BianLian remains an active player in the ransomware space in 2024, with recent victims listed on its extortion page concerning firms engaging in healthcare, industrial, legal services, financial services, and construction.