Cyber Incident Victim: DP World

On November 10, 2023, DP World Australia detected a cybersecurity incident affecting its container terminal operations in Sydney, Melbourne, Brisbane, and Fremantle. The company restricted landside access to its Australian ports that same night, halting truck movements in and out of its facilities while ship loading/unloading operations continued. The Australian Federal Police initiated an investigation, and the Australian Signals Directorate’s Cyber Security Centre provided technical assistance. Home Affairs Minister Clare O’Neil activated the National Coordination Mechanism (NCM) at noon on November 11, engaging federal, state, and industry stakeholders under the national crisis management framework previously used during COVID-19 and the 2022 Medibank breach. National Cyber Security Coordinator Darren Goldiem warned the disruption would persist for multiple days, impacting national import/export logistics.

DP World maintained restricted landside operations through November 11 while investigating the incident’s scope and securing its networks. Fremantle Ports clarified that only DP World’s truck access was impaired, with Patrick terminals and ship movements unaffected. The NCM convened its first meeting on November 11 to assess operational impacts, with a follow-up session scheduled for November 12. No data compromise or attacker identity was disclosed. Industry analysts, including UNSW’s Nigel Phair, publicly speculated about potential ransom demands and multi-week recovery timelines, though these assessments were not corroborated by official sources. The incident marked the NCM’s sixth activation for cybersecurity emergencies since its 2018 establishment.