US minerals company says crooks broke into email and helped themselves to $500K
A painful loss for young company that's yet to generate revenue
A NASDAQ-listed US minerals company says cybercriminals broke into its systems on Valentine's Day and paid themselves around $500,000 – money earmarked for a vendor.
In what sounds like a textbook business email compromise (BEC) scheme, NioCorp Developments told regulators on Wednesday that cybercrooks broke into its information systems, including "portions of its email systems," and misdirected a cool half a million dollars (approximately).
"The company self-discovered the cybersecurity incident and promptly notified certain financial institutions and federal law enforcement in an effort to, among other matters, recover the misdirected vendor payments," it told the Securities and Exchange Commission (SEC) in a Form 8-K.
"In addition, upon discovery of the cybersecurity incident, the company began taking steps to investigate, contain, assess, and remediate the cybersecurity incident."
NioCorp thinks the attack is limited to the misdirected payment, but investigations remain ongoing into what other damage the miscreants may have caused.
"As of the date of this filing, the company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the company's overall financial condition or its results of operations, including whether the company will ultimately be able to recover all or a portion of the misdirected vendor payments."
The Register asked NioCorp for more details, but it didn't immediately respond.
The company operates a minerals project in Southeast Nebraska focusing on the production of niobium, scandium, and titanium – all of which are designated as critical minerals by the US.
- Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
- Medusa ransomware gang demands $2M from UK private health services provider
- US Army soldier linked to Snowflake extortion rampage admits breaking the law
- London celebrity talent agency reports itself to ICO following Rhysida attack claims
Niobium is a scarce but critical element (not a rare earth) that has a variety of applications, from reinforcing other metals such as steel – a boon to the automotive and aviation sectors – to MRI machines and particle accelerators thanks to its superconducting properties.
Scandium is a rare earth element primarily used in aluminum alloys that reinforce the metal even in small amounts to benefit products such as aerospace components and high-end bicycles.
Titanium is more of a household name but the lightweight metal is still pricey to extract and there are limited amounts that are readily extractable, driving up prices for the durable mineral. Recent geopolitical issues and sanctions have exacerbated the shortage, as the supply chain for titanium is tied to Eastern Europe, specifically Russia. The metal is used extensively across various industries thanks to its strength, versatility, and relative abundance.
The company was incorporated in 1987 and traded under the name Rare Earth Developments Corp. until 2011. It's still technically speaking a development-stage company, financed by debt and equity to further its Elk Creek, Nebraska project. It doesn't yet generate revenue or sell any of the elements it plans to mine.
It means that to a loss-making company like NioCorp, despite being in a somewhat healthy financial position due to extensive funding, having half a million dollars stolen is far from ideal.
Its most recent financial statement reported a net loss of $11.4 million for the financial year ending June 30, 2024, from $40.1 million the year prior. Should NioCorp be unable to recover the misdirected funds, the sum would amount to almost 4.5 percent of its annual net loss. ®