Another twist in the Northern Minerals saga as sources say hack was ‘almost certainly’ not from China

It can be revealed the perpetrators of the Northern Minerals hack were likely based in Russia, as a cyber security expert suggests that the Eurasian country poses a bigger threat than China to WA’s critical minerals sector.

The United States wants to cultivate a supply stream of rare earth elements, which are used in magnets for electric vehicle batteries and high-tech defence industry equipment like precision-guided missiles, as military rival China seeks to maintain its stranglehold on the market.

Western Australia’s relatively bountiful deposits of rare earths, particularly a subset of those mineral elements termed heavy rare earths, have subsequently become a flashpoint for global geopolitical tensions and the cyber warfare that entails.

Northern Minerals’ internal computer network was infiltrated in March and sensitive data of the aspiring rare earths producer extracted. But the breach only became public last week, a day after Treasurer Jim Chalmers ordered a mysterious China-linked shareholder to sell down a big portion of the company in his control.

Chinese interests had long sought to pull the strings at Northern Minerals, which holds the strategically important Browns Range heavy rare earths project in the Kimberley.

The ransomware group that carried out the attack is called BianLian — directly translating to ‘two-faced’, or ‘face changing’, in Mandarin.

The political context, timing of events, and name of the group responsible all pointed to China being the culprit behind the Northern Minerals cyberattack.

But government sources have told The West Australian the hack “almost certainly occurred” from Russia or a jurisdiction with strong Russian ties.

Sometime in the past BianLian left a trail of digital crumbs by sharing a hacking tool with another underground cybercriminal group. This software tool, among other identifying features, contained Russian words.

Curtin University Associate Professor of computing Mihai Lazarescu told The West he didn’t know whether a syndicate from Russia had carried out the Northern Minerals hack, but indicated it had the hallmarks of a Russian virtual incursion.

“I wouldn’t be surprised if the Russians, because they’re very pragmatic, they looked around and they thought ‘oh, well, we can always make it look these guys (the Chinese) did it’,” he said.

China v Russia

The West last week revealed that Iluka Resources was recently the target of a cyberattack, understood to be from China, not long after the company’s boss accused China of rigging the rare earths market.

But the Hong Kong-based hackers weren’t able to get their hands on Iluka’s data.

Mr Lazarescu says Chinese hackers are very adept at piercing the initial layers of a network’s security system but struggle to penetrate further and steal valuable data.

“If you define success in in terms of how many systems you manage to breach, the Chinese will be way ahead,” he said.

“But the Russians are better at getting the crown jewels.”

Mr Lazarescu believes that across both China and Russia hacks are likely perpetrated by a “mixture” of autonomous criminal gangs and those working directly for government agencies.

“It’s probably like an unwritten rule that says as long as you don’t spoil our business and we can learn something or get something from it, we (the government) will pretend it didn’t happen,” he said.

“It’s the case of plausible deniability.

“I’d actually say probably every single country has, you know, some sort of similar understanding.”

Meanwhile, a spokeswoman for Australia’s premier rare earths producer — Lynas Rare Earths — says the company has not experienced a cyber breach, or attempted cyber breach, in recent years.

Lynas has been far more reserved than Iluka in expressing concerns about China’s domination of the rare earths sector, while at the same time courting financial backing from the US to play a pivotal role in the growth of a Western world supply chain.

The US government is handing Lynas hundreds of millions of dollars to build a heavy rare earths processing facility in Texas.

A growing problem?

Cyber hacks are seemingly becoming more frequent in Australia, according to Mr Lazarescu, but he says there is a big caveat over taking any statistics as gospel.

“The only problem that I have before I would say yes or no, is that all the information that I get is based on what other people are compiling,” he said.

“So, what’s wrong with all these statistics is that it’s still very much voluntary.”

Businesses in Australia only have to report a cyber breach to the Office of Australian Information Commissioner if data has been compromised, or reasonably suspected to have been compromised, and these reports rarely become public.