NioCorp Developments Reports $500,000 Loss in Cyberattack
US-based mining company NioCorp Developments has informed the Securities and Exchange Commission (SEC) that it recently suffered a cybersecurity incident resulting in a significant financial loss. The company, which is currently developing a critical minerals project in the United States, disclosed that it detected the breach on February 14.
According to NioCorp, the attack targeted its information systems, including portions of its email infrastructure. The company believes that hackers exploited the compromised email system to orchestrate a business email compromise (BEC) scheme, which led to misdirected vendor payments totaling approximately $500,000.
BEC scams typically involve cybercriminals using access to corporate email accounts to send fraudulent messages that appear legitimate. In this case, the attackers likely manipulated email communications to convince NioCorp's financial team or vendors to redirect payments to bank accounts controlled by the hackers.
Following the discovery of the attack, NioCorp notified financial institutions and law enforcement in an effort to recover the stolen funds. However, the company’s investigation is still ongoing, and the full extent of the breach remains unclear.
In its SEC filing, NioCorp stated that while the incident appears to be limited to misdirected payments, it has yet to determine whether the breach will materially impact its financial condition or operational results. The company has not confirmed if it will be able to recover all or part of the stolen funds.
The attack on NioCorp highlights the growing threat of BEC scams, which have become a major concern for businesses worldwide. According to the FBI, BEC attacks caused $2.9 billion in losses in 2023 alone and $55 billion in total losses between 2013 and 2023. This incident reinforces the critical need for enhanced cybersecurity measures, particularly in industries handling high-value financial transactions.
