Mining and Metals Incidents More Than Double in the First Quarter of 2025

At the Mining and Metals ISAC, we monitor cyber incidents and track trends within the mining and metals sector. Compared to last year, incidents have more than doubled Q1, with April and May continuing the trend. Why might this be? A few reasons could explain the spike in incident activity in our sector.

Increased Attack Surface

Third-party risks, new technology, and, of course, the newest big player is AI. More employees are using Generative AI in their daily work and life tasks.

Threat Actors Publishing the Breach on the Dark Web

The attacker disclosed the majority of reported incidents. Threat actors have used the name and shame tactic for several years to increase the pressure to pay. However, as Ransomware as a Service (RaaS) operations share tactics, many threat actors are skipping this part of the negotiation and going straight to posting the company information on their dark web blog sites. In some cases, before the company even knows they have been breached.

Critical Minerals

Critical Minerals have received a lot of attention in recent months, particularly with tariffs impacting trade.  Sixty percent of the incidents tracked in the first quarter targeted companies in the US and Canada, accounting for a significant reason for the increase. As nations race to secure their access to critical minerals, Mining and metals become a strategic play for nation states, and a tempting target for hacktivists and financial opportunists.

Better Sharing

While most incidents were found on the dark web, a few reported incidents can be attributed to better sharing within the ISAC community. We know more because we share more. Please continue to share your incidents, intelligence, and questions with the MM-ISAC so we can bring you the best available information and analysis for the metals and mining sectors.