NioCorp Developments, a US-based mining company, disclosed a significant financial loss due to a cyberattack in a filing with the Securities and Exchange Commission (SEC). The company, which is focused on developing a critical minerals project, revealed that the breach occurred on February 14, 2025. The attack involved the compromise of its information systems, including its email systems, which were exploited in what appears to be a business email compromise (BEC) scheme. As a result, the company experienced misdirected vendor payments amounting to approximately $500,000.
The attackers likely accessed NioCorp’s email system to send fraudulent emails that appeared legitimate.
These emails prompted the recipients to redirect payments to bank accounts controlled by the cybercriminals, resulting in the financial losses. NioCorp has since notified relevant financial institutions and law enforcement to assist in recovering the misdirected funds. The company’s ongoing investigation aims to determine the full scope of the incident and any further impact on its operations.
Although NioCorp believes the incident is limited to the misdirected vendor payments, it has not yet confirmed whether the breach will have a material effect on the company’s overall financial condition. The full scope of the breach, including its nature and any long-term consequences, remains unclear as the company continues to investigate the attack. The company also has not determined whether it will be able to recover all or part of the lost funds.
Business email compromise remains a significant concern, as evidenced by the FBI’s latest report on cybercrime. The agency highlighted that BEC scams resulted in a staggering $2.9 billion in losses in 2023 alone, with a total of $55 billion in losses between 2013 and 2023. NioCorp’s incident underscores the growing threat posed by BEC attacks and the need for companies to enhance their cybersecurity measures to mitigate such risks.
Reference:
