Over 20 entities affected by cyber-attacks

Jun 29, 2016 07:50 GMT

A comprehensive report published yesterday by security firm Trend Micro revealed that threat groups are intensifying their efforts against companies operating in the mining sector.

The reasons behind these attacks can be geopolitical, but are also related to financial gains. Threat groups are targeting these companies to gain insights on state-operated mining firms in order to understand or subvert local politics, but also to steal intellectual property and other proprietary information.

This information usually reaches the black market or, in the case of state-backed cyber-attacks, is passed on to local mining corporations.

The known attacks

Since 2010, cyber-security firms have been called in to investigate 17 incidents involving cyber-attacks on 22 entities operating in the mining sector.

The first attack took place in April 2010 and targeted the Rio Tinto Group, BHP Billiton Ltd., and Fortescue Metals Group. Experts believe the hackers were from Asia and sought information for commercial espionage.

The second attack occurred in February 2011, again against BHP Billiton. The company's boss suspected that the main reason behind the cyber-attack was for nation states and competitors to get their hands on market pricing for key commodities.

In April 2011, hackers broke into the Australian Federal Parliament email accounts to gain access to email conversations between ministers and executives of Australian mining companies operating in China.

Later that year, in October and November, hackers attacked law firms and the Government of Canada’s Finance Department and Treasury Board to obtain insight on bids to take over Canadian mining firm Potash Corporation of Saskatchewan.

In February 2012, Lynas, a mining corporation that extracts rare earths, was hit by hacktivists, who defaced its website because of its Malaysian operations.

A successful cyber-attack is also believed to be at the heart of an incident in July 2012 that involved the Canadian mining company TVI Resource Development and small-scale competitors in the Philippines. An unauthorized intrusion was found in the corporation's email servers that allowed hackers to send legitimate emails on behalf of the company to its smaller competitors, threatening their lives.

In January 2013, Bumi, one of the world's largest mining corporations, reported that its chairman was phished by an attacker claiming to work for Wikipedia, who stole files related to Bumi's finances.

Even Anonymous and Snowden played their part

In May 2013, Anonymous attacked AngloAmerican, the world's biggest platinum extractor, as part of Operation Green Rights. The hacktivists breached the company's database and then dumped details that included PII, credentials, and investor information.

Later in the year, in October, documents leaked by Edward Snowden revealed that the NSA was spying on conversations carried out by Brazil’s Mines and Energy Ministry.

Geographical distribution of targeted companies

In May 2014, aluminum maker Alcoa Inc. and metal supplier Allegheny Technologies Inc. were the victims of economic espionage from hackers originating from Asia.

In February 2015, Nautilus Minerals and Marine Assets Corporation were the victims of a scam that tricked Nautilus employees into sending $10 million to the wrong bank account, instead of the one belonging to Marine Assets Corporation.

In April and May 2015, hacking group Angels_Of_Truth hacked and dumped 100 GB of data from Canadian firm Detour Gold Corp.

Cyber-attack has devastating consequences for one firm's finances

A month later, Australian firm Codan reported that hackers stole its designs for proprietary metal detectors. Some companies started manufacturing counterfeit metal detectors, leading to a collapse in sales and market prices.

Probably the most drama-filled attack occurred in November 2015, when International Mineral Resources sued Russian rival EuroChem Volga-Kaliy. The lawsuit alleged that EuroChem hired a law firm, which, in turn, hired a former Soviet military counter-intelligence officer to conduct a hacking campaign against International Mineral Resources.

In February 2016, hackers targeted the New South Wales Department of Industry, Resources and Energy, but they failed to get their hands on information regarding mining approvals.

In February 2016, two cyber-espionage groups believed to be linked to Russia, BlackEnergy and Sandworm, were thought to be behind failed attacks on one of Ukraine's mining companies.

The most recent attack was recorded in April 2016, when hackers leaked 14.8 GB of data from Canadian mining corporation Goldcorp.

The reliance of some critical infrastructure domains on natural resources puts the mining sector in a central position in a country's economic landscape. Even if most mining operations are privately owned, the impact of successful cyber-attacks can sometimes be felt across an entire country, if not more, thanks to stock market reverberations.

A more in-depth read is available via Trend Micro's Cyber Threats to the Mining Industry 50-page report.

Top malware families used in the attacks detected in 2015