Australia’s Northern Minerals Confirms Ransomware Attack Claimed by BianLian

• The BianLian ransomware gang claimed to have data belonging to the operators of the Browns Range mine in Western Australia.
• Northern Minerals has confirmed the ransomware attack via an official statement.
• Some of the exfiltrated data, also containing sensitive employee details, has been released on the Dark Web.

The BianLian ransomware gang has made a significant claim, as reported by CyberDaily on Tuesday. The actors state to have gained access to over a terabyte of data belonging to the operators of the Browns Range mine in Western Australia's Kimberley region, posting a sample on the Dark Web that proves some worrying information has been exfiltrated.

The Northern Minerals Limited leaked data contains various sensitive information, including corporate, operational, and financial data and details about current and former personnel, the Australian company has confirmed.

The company said the breach did not have a material impact on its operations or broader systems and declared it became aware of the breach in late March this year. They immediately notified external stakeholders, including the Australian Cyber Security Center and the Office of the Australian Information Commissioner, and employed legal, technical, and cyber security specialists.

The gang has shared hundreds of archived folders. According to BianLian, the stolen information includes operational, R&D, financial, and strategical data such as potential projects and geological and mining research. It also allegedly contains corporate email archives and data regarding shareholders, potential investors, and competitors’ research, while some files appear to be files from the chief operating officer’s personal drive.

What’s more, the sample posted on the Dark Web contains personal details of current and former employees, such as scans of dozens of employee passports, medical leave details, travel requests, training and certification details, and police clearance documents.

Northern Minerals made headlines this week after Federal Treasurer Jim Chalmers ordered Chinese investor Yuxio Fund and four other international companies linked to China to sell their shares in the company “to protect our national interest” – which equals 10.4% of Northern Minerals issued capital. ABC News Australia reported the cyberattack suspiciously occurred after this event, and suggested the Australian company wants to become the first substantial producer of the dysprosium they mine, which is a key component used in electric vehicles.

BianLian is a ransomware and data extortion group that has targeted organizations in multiple critical infrastructure sectors in the US since June 2022 and Australian critical infrastructure sectors, professional services, and property development.