Cyber Incident Victim: Northern Minerals

In March 2024, Northern Minerals experienced a cyberattack that resulted in unauthorized access to corporate, operational, and financial data. The company disclosed on June 4, 2024, that this compromised information had been released on the dark web following the breach. Executive Chairman Adam Handley confirmed during the June 6 annual shareholder meeting in Perth that hackers had demanded a ransom, which the company refused to pay on principle. The disclosure occurred one day after Australia's Treasurer Jim Chalmers issued orders on June 3 requiring several China-linked investors, including Yuxiao Fund, to divest 10.4% of Northern Minerals' shares within 60 days due to national interest concerns. Handley explicitly stated the cyberattack and the government's divestiture order were unrelated events, countering media speculation about potential connections between the two incidents.

The cyber incident occurred against a backdrop of strategic tensions in the rare earths sector, where Northern Minerals operates as a heavy rare earths producer. Yuxiao Fund, whose ultimate controller is Chinese national Wu Tao, had previously sought Foreign Investment Review Board approval to increase its stake to 19.9% in 2022 but was denied in 2023. On June 6, Wu Tao and two other candidates linked to Yuxiao Fund failed to secure board positions during Northern Minerals' shareholder vote. The company did not disclose technical details about the March attack's origin, intrusion methods, or specific operational impacts beyond the confirmed data exposure. No remediation actions were described beyond the ransom refusal and public disclosure. Northern Minerals' shares rose 7% on June 6 despite the breach announcement, reflecting market reactions to both the failed board appointments and broader rare earths industry dynamics.