Cyber Incident Victim: Detour Gold Corporation
Date: Apr 2013
Location: Canada
Summary
A Canadian mining company experienced a prolonged cyber intrusion attributed to hackers identifying as "Angel_of_Truth," who claimed retaliation against Canada for imposing sanctions on Russia and supporting Western policies. The attackers maintained unauthorized access to the corporate network for over two years, exfiltrating sensitive data including employee records, medical complaints, disciplinary reports, supervisors' personal information, incident documentation, and gold shipment details. The hackers publicly released portions of the stolen data and threatened further attacks unless Canada altered its foreign policy alignment. The breach prompted external notification to the organization's IT security team, which initiated an investigation into the incident.
Description
On April 21, 2015, cybersecurity monitoring revealed that Detour Gold Corporation (TSX: DGC), a Canadian mining company, had suffered a significant cyber intrusion. Hackers operating under the alias "Angel_of_Truth" publicly claimed responsibility through a data dump paste, disclosing that they had maintained unauthorized access to Detour Gold's entire computer network for over two years prior to the announcement. The attackers explicitly stated their motivation in both Russian and English, framing the breach as retaliation against Canada for imposing sanctions on Russia and for supporting Western policies perceived as hostile to Russian interests. The compromised data included sensitive categories such as employee personal information, internal radio communications, incident reports detailing operational disruptions, records of gold shipment logistics, and supervisors' private data. Specific examples of exposed materials cited in the breach included disciplinary reports targeting named employees and confidential medical complaints, though full data samples weren't publicly reproduced due to privacy concerns. The hackers threatened continued attacks against Canadian entities unless the government ceased its alignment with United States foreign policy objectives, emphasizing geopolitical coercion as their primary intent.

DataBreaches.net independently verified the breach by reviewing the leaked information and attempted to notify Detour Gold through official channels listed on the company website. After encountering difficulties reaching appropriate personnel through standard contact methods for approximately 20 minutes, the outlet resorted to extracting an executive's direct phone number from the hacked data itself to deliver the alert. This direct outreach resulted in confirmation that Detour Gold's IT security team had received the notification and initiated an investigation into the incident, though no further details about their internal response or mitigation efforts were disclosed publicly. The scale of data exposure indicated systemic network compromise affecting multiple operational and human resources domains over an extended period, with employee privacy and corporate confidentiality representing primary impacts. The attackers signaled intent to release additional stolen materials in subsequent phases, though no further disclosures were documented in the immediate aftermath of this initial report.
