Top US mineral firm hit by cyberattack that saw thieves steal $500,000

Close up of a person touching an email icon.

Image Credit: Pixabay (Image credit: Geralt / Pixabay)

NioCorp has notified the SEC of a cyberattack
It was tricked into sending a payment to the wrong account
It notified law enforcement and is trying to recover the funds

NioCorp Developments, a Canadian mineral exploration firm operating in Nebraska, has reported suffering a cyberattack in which it lost half a million dollars.

The company confirmed the news via an 8-K report recently filed with the US Securities and Exchange Commission (SEC).

In the report, filed February 14, NioCorp said it became aware of “unauthorized third-party access” to its information systems, including “portions of its email systems”. The result of this access was a “misdirected vendor payment” totaling approximately $0.5 million.

Investigating the attack

In other words, someone managed to trick NioCorp into making a payment to the wrong bank account.

This is usually done in business email compromise (BEC) attacks, when cybercriminals gain access to an email account belonging to a high-positioned executive and use it to trick the finance department into making the wrong payment.

NioCorp says it quickly realized what had happened, and notified both federal law enforcement and certain financial institutions in an attempt to recover the money. It is unclear if it succeeded yet or not. The company also said it “began taking steps” to investigate, contain, assess, and remediate the attack.

Although the company believes that, aside from the BEC, there were no other attacks or attempts, it is still analyzing the full nature and impact of the attack.

“As of the date of this filing, the company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the company’s overall financial condition or its results of operations,” the filing concluded.

NioCorp Developments aims to produce niobium, scandium, and titanium for industrial and green technology applications.

Via The Register

The many moving parts of business email compromise
We've rounded up the best password managers
Take a look at our guide to the best authenticator app

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.