Ransomware attack idles BC copper mine
Elevates cyber-risk concerns at increasingly connected mines Metal Tech News - January 4, 2023
Last updated 1/20/2023 at 6:22pm
A ransomware attack that has forced Copper Mountain Mining Corp. to shut down operations at its namesake mine in southern British Columbia elevates concerns about the vulnerability of mining operations that are increasingly dependent on digital technologies.
With its computer systems coming under attack late in the day on Dec. 27, the Copper Mountain IT team quickly implemented risk management systems and protocols to limit the damage and ensure safety at the mine. These actions included isolating the mine from outside cyber-connections; switching automated and digital control systems to manual, where possible; and shutting down the mill until the damage from the attack could be evaluated.
"The company's external and internal IT teams are continuing to assess risks and are actively establishing additional safeguards to mitigate any further risk to the company," Copper Mountain Mining penned in a Dec. 29 statement.
The company says it is working with authorities to investigate the source of the attack. As of Jan. 3, however, there were no details on who was behind the attack or ransoms being demanded.
Fortunately for the company and its workers, the cyberattack did not result in any environmental or safety incidents. The resultant stoppage of copper and precious metals production, however, is impacting the company's bottom line.
"The company's main priority is to continue to ensure safe operations and limit operational and financial impacts," added Copper Mountain.
The potential financial losses is a primary reason that cybercriminals target manufacturing, mining, and other industries that, from a purely financial perspective, are often better off paying the ransom than losing revenues from lost production as well as the costs associated with repairing damages and ramping back of up to full production.
The 45,000-metric-ton-per-day mill at Copper Mountain produced around 50 million pounds of copper in 2022, along with significant gold and silver byproducts.
The company is currently working on a plan to expand the Copper Mountain mill to 65,000 metric tons per day. This would increase annual production to 138 million lb of copper-equivalent, which includes the value of the gold and silver also recovered.
The Copper Mountain Mining ransomware attack underscores an increasing cybersecurity threat to metals and mining operations.
While new technologies are helping to enable automated and other digital systems that increase the safety, efficiency, reliability and sustainability of modern mines, these same technologies create a doorway for online attackers.
In October, Aurubis was hit with a cyberattack that forced the Germany-based copper refining and recycling company to shut down numerous systems at its sites and disconnect from the internet as a preventive measure.
"This was apparently part of a larger attack on the metals and mining industry," the largest copper producer in the European Union inked in an Oct. 28 press release on the incident.
Dragos, an industrial cybersecurity firm, identified 12 ransomware attacks on mining and metal production companies during the third quarter of 2022. This accounts for about 8% of the 128 industrial ransomware attacks identified by Dragos over that period.
Dragos says its research has shown an increase in ransomware and other attacks in manufacturing, including metals production, making the sector one of the top targets for cybercriminals.
"Attackers know that manufacturing plants cannot afford downtime, nor potential threats to the quality of their output," the industrial cybersecurity firm inked in a November blog.
The same goes for mining companies like Copper Mountain, which stand to lose millions of dollars from lost production and the costs to idle down and ramp back up operations.
Social media attacks
While directly hacking into a mining operations computer system could be the most concerning and potentially damaging cyber threat, this is not the only online menace the sector has had to deal with.
In mid-2022, several companies advancing rare earths projects in North America were subjected to a social media disinformation campaign launched by Dragonbridge, a cybernetwork that pushes online narratives in support of the People's Republic of China's political interests.
Mandiant, a globally recognized leader in cybersecurity that had been tracking Dragonbridge activity for more than three years, first noticed the group's incursion into the North American rare earths space when it identified a social media campaign criticizing Lynas Rare Earths Ltd. and calling for protests of the Australia-based mining company's plans to build a rare earths processing facility in Texas.
With a network that includes thousands of inauthentic social media accounts and websites, the Dragonbridge operatives posed as local residents concerned about potential environmental and health risks by these rare earth projects in the United States and Canada.
Following the Lynas campaign, Mandiant noticed that Dragonbridge operatives also targeted Appia Rare Earths & Uranium Corp., a company exploring a rare earths-gallium project in Saskatchewan, and USA Rare Earth LLC, which is advancing a rare earths mine in Texas and processing facility in Oklahoma, with similar campaigns of negative messaging and disinformation.
"Dragonbridge's targeting of the rare earths industry broadly, and Lynas, Appia, and USA Rare Earth specifically, demonstrates an interest in industries of strategic importance to the PRC that we had not previously observed from the campaign," Mandiant inked in a June 28 blog.
Pini Althaus, founder and advisor at USA Rare Earth, says he is not surprised by a China-sponsored campaign to sabotage and spy upon companies at the forefront of developing the burgeoning rare earths sector in North America.
"Sadly, it is a given," he posted in a LinkedIn response to a The Washington Post article on the Dragonbridge attack.
It is also a given that firewalls and antiviruses are as important as fences and security gates when it comes to securing mining operations that are increasingly dependent on digital technologies.
More information on the Dragonbridge rare earths campaign can be read at The China rare earths dragon awakens in June 30, 2022 edition of Metal Tech News.