Opinion

The intersection of cyber and geopolitics – an attack on an Australian mining company?

Published Date: Jun 28 2024

On June 4, 2024, an Australian mining company that focuses on heavy rare earth elements disclosed a cyber incident to the Australian Securities Exchange (ASX). The previous day (Monday, June 3, 2024), Australian Treasurer Jim Chalmers ordered five foreign persons (including companies and individuals) to divest their shares in the business. This decision was “designed to protect our national interest and ensure compliance with our foreign investment framework”.

In the ASX disclosure, the affected company noted that “…exfiltrated data has now been released on the dark web”, having first become aware of the incident in “late March 2024”, and that the incident has “not had a material impact on the Company’s operations or broader systems”.

Threat actor group BianLian has claimed responsibility for the attack, with a posting on its dark web site indicating that categories of compromised data include personal data relating to current and former employees, as well as corporate, operational and financial data. This is corroborated in the ASX disclosure.

Analysis

Although there is no direct and identified link between BianLian and China, the timing of publication of the exfiltrated data is notable, coming immediately after the Treasurer’s order. Threat actors are often influenced by wider geopolitical events. For example, attacks against Israeli organizations have increased since October 2023. Additionally, there is an occasional overlap between criminal threat actor groups such as BianLian and nation states, which have previously used criminal groups as proxies for their own activities.

As the race to secure critical minerals, infrastructure and technologies accelerates, countries are increasingly looking to organizations to limit nation state influence and access to key assets based on national security interests. In parallel, it is likely that further attacks may be carried out on a retaliatory basis. These attacks may be carried out directly by nation state-affiliated threat actors such as Typhoon (China) or Sandworm (Russia), or through proxies such as criminal gangs like BianLian, and serve the dual purpose of discouraging actions adverse to nation state interests and providing a competitive advantage through corporate espionage and/or operational disruption.

A further example can be found in the recent denial of service attack against another Australian mining company, which followed comments by its director accusing China of attempting to monopolise the trade in heavy rare earth minerals.

Organizations investing in critical minerals, infrastructure and technologies, particularly those which operate in industries that are adjacent to the interests of nation states in the energy transition such as oil, gas and rare earth minerals, should be aware of their exposure to cybersecurity threats and take steps to mitigate risk.

There is a possibility that private organizations may become victims due to wider geopolitics, in particular by threat actors undertaking corporate espionage via advanced persistent threats that remain undetected. Consequently, there must be strong consideration of cybersecurity and information security risks in organizations that are involved in these industries.
