Canadian mining companies targeted in “cyber-extortion” scheme

The wealth of mining companies and their highly-paid executives has always made them a perfect target for thieves.

Now, evidence has come to light that un-named Canadian mining companies were targeted by the most sophisticated cyber-criminals intent on extorting tens of thousands of dollars from them, under the threat of releasing stolen data to the public.

Redacted email that FIN10 sent to one of their victims, found in the appendix of the FireEye report.

According to a report released today by FireEye, which provides solutions to combat cyber attackers, a group dubbed FIN10 by the cybersecurity company stole sensitive files such as corporate records, private communications and customer information, then demanded ransoms of between 100 and 500 bitcoins – the equivalent of CAD$35,000 to $70,000. If no payment was received within 10 days, the group threatened to release the information to the public.

The chief victims in the cyber-extortion scheme, which operated between 2013 and 2016, were Canadian mining companies and casinos, according to the FireEye report.

In at least two cases, the hackers used spear phishing emails with malicious attachments, luring victims to click on a link that directed them to a FIN10-controlled server. The same technique was used by Russian-backed hackers to break into the U.S. Democratic National Committee in 2015.

While no mining companies were named in the report, Detour Gold (TSX:DGC) and Goldcorp (TSX:G,NYSE:GG) are among Canadian miners that have suffered security breaches in recent years.

Download the free report from FireEye here