Date: Dec 2022

Location: Canada

Summary

A Canadian mining company experienced a ransomware attack that disrupted operations, prompting immediate isolation of compromised systems and precautionary shutdown of its mill while transitioning other processes to manual control. The incident investigation involved internal and external IT teams alongside relevant authorities, with no reported safety or environmental impacts. Prior to the attack, compromised employee credentials linked to the organization were offered for sale on a cybercriminal marketplace, suggesting potential initial access vectors. The company prioritized restoring normal operations to minimize financial consequences.


Description

On December 27, 2022, Canadian Copper Mountain Mining Corporation (CMMC), a British Columbia-based mining firm jointly owned by Hudbay Minerals (75%) and Mitsubishi Materials Corporation (25%), experienced a ransomware attack that disrupted its operations. The company’s IT team activated predefined risk management protocols immediately upon detecting the incident, isolating infected systems and taking additional systems offline for forensic examination. As a containment measure, engineers shut down the mill to assess the status of its control systems, while other operational processes transitioned to manual operations to maintain partial functionality. CMMC confirmed the attack did not compromise safety systems or cause environmental damage. External and internal IT teams collaborated to evaluate risks and implement additional safeguards against further compromise. The company engaged relevant authorities to investigate the attack’s origin and mitigate its impact, prioritizing a return to normal operations to minimize financial losses.

The incident investigation revealed potential links to a December 13, 2022, dark web listing where a cybercriminal offered CMMC employee credentials for sale, as identified by cyber-intelligence firm KELA. While CMMC did not confirm this connection, the proximity of the credential sale to the attack suggested a possible initial access vector. Operations at the 45,000-tonnes-per-day processing plant remained partially disrupted during the response, with manual procedures sustaining limited production capacity. CMMC maintained public communication through its website, emphasizing operational transparency but withholding technical specifics about the ransomware variant or data compromise. No ransom demands or threat actors were disclosed in official statements. The company’s focus remained on restoring systems, safeguarding mineral reserves, and ensuring long-term operational continuity across its 18,000-acre site, which holds 32 years of estimated copper reserves.
