Rare earths miner targeted in cyber attack prior to removal of Chinese investors

Rare earths miner targeted in cyber attack prior to removal of Chinese investors
  • PublishedJune 5, 2024

An Australian company that runs a strategically crucial heavy rare earth project has been revealed to have been targeted in a suspected cyber attack as Treasurer Jim Chalmers orders Chinese investors to be removed.

On Monday Mr Chalmers instructed Yuxio Fund and four other international companies linked to China to divest their shares in Northern Minerals which operates the Browns Range mine in Western Australia’s Kimberley region.

The Australian company wants to become the first substantial producer of dysprosium — a key component used in electric vehicles — outside of China.

“The decision, based on advice from the Foreign Investment Review Board, is designed to protect our national interest and ensure compliance with our foreign investment framework,” Mr Chalmers said in a statement.

Northern Minerals Limited confirmed it was made aware of the hack in late March this year. 

“The exfiltrated data included corporate, operational and financial information and some details relating to current and former personnel and some shareholder information. The process of notifying relevant impacted individuals is underway and ongoing,” a statement from the company said. 

“The breach has not had a material impact on the company’s operations or broader systems.”

It said it would provide further updates as and when appropriate, and that since the breach the company had reviews its processes to strengthen its systems. 

BianLian claims responsibility

The treasurer’s announcement came as a suspected cybercriminal group claimed online to have successfully stolen data from the Australian mining company.

A screenshot of the dark-web post of the cyber hack Northern Minerals Limited and what it acquired.
A screenshot of the dark-web post of the cyber hack Northern Minerals Limited and what it acquired. 

In a message posted to a data leak site, the hacker identified as BianLian boasts of having stolen operational, strategical, financial and personal employee data from Northern Minerals Limited.

Posting on the dark web the hacker also claims to have obtained “corporate email archives” and “data on shareholders and potential investors”.

The Home Affairs Minister Clare O’Neil’s office said it was aware of the incident and was engaging with the company.

The shadow Minister for Home Affairs James Patterson posted to X regarding the attack. 

“A very serious report, which if confirmed to be sponsored by a state actor, warrants a very robust response,” he posted. 

According to the Australian Signals Directorate BianLian is a ransomware developer, deployer, and data extortion cybercriminal group that has targeted organisations in multiple U.S. critical infrastructure sectors since June 2022.

They have previously targeted Australian critical infrastructure sectors in addition to professional services and property development.

Alastair MacGibbon, Chief Strategy Officer CyberCX said while it was too early to draw conclusions about the cyber attack, geopolitical events can have a direct impact and influence on the activities of cyber actors.

“We also know that certain nation states — including China and Russia — have used cyber criminal groups as proxies in cyberspace to achieve strategic objectives,” MacGibbon said. 


Leave a Reply

Your email address will not be published. Required fields are marked *