Cyber Incident Victim: DP World
Date:
Nov 2023
Location:
Australia
Summary
A cybersecurity incident at DP World Australia disrupted port operations across multiple major cities, leading to closures expected to last several days and impacting national import and export activities. The breach prompted an Australian Federal Police investigation and activation of the national crisis management framework, involving coordinated government and industry responses to mitigate supply chain consequences. While ship movements remained unaffected, landside operations—particularly truck access—were restricted as the company contained the incident, with technical assistance provided by cybersecurity authorities. The disruption highlighted vulnerabilities in critical infrastructure, echoing previous national cybersecurity responses.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On November 10, 2023, DP World Australia detected a cybersecurity incident affecting its container terminals in Sydney, Melbourne, Brisbane, and Fremantle, prompting immediate closure of port operations that evening. The Australian Federal Police initiated an investigation into the breach, while DP World restricted landside access to its Australian port facilities to contain the incident and assess impacts on systems and data. The Australian government activated the National Coordination Mechanism (NCM) at approximately noon on November 11 under the national crisis management framework previously utilized during the COVID-19 pandemic. Home Affairs Minister Clare O’Neil confirmed regular government briefings and collaboration with DP World to evaluate operational consequences. National Cyber Security Coordinator Air Marshal Darren Goldiem co-chaired the NCM meeting, warning that the disruption would persist for multiple days, significantly impairing national import and export logistics chains. The Australian Signals Directorate’s Cyber Security Centre provided technical assistance to DP World, though the company maintained active internal investigations without disclosing specific technical details of the intrusion or data compromise.
Fremantle Ports clarified that while DP World’s landside operations—specifically truck movements in and out of its laydown areas—were disrupted, ship-loading cranes remained operational, preventing complete port paralysis. DP World’s suspension of landside access halted container transfers between terminals and transport networks, creating logistical bottlenecks. The NCM convened federal, state, and territory agencies alongside private sector stakeholders to coordinate responses, scheduling a follow-up meeting for November 12. Historical precedents for NCM activation included the 2022 Medibank data breach, floods, and supply chain emergencies. DP World issued no public statements regarding operational restoration timelines or data compromise specifics beyond its initial containment measures. The incident marked Australia’s second major critical infrastructure cybersecurity disruption within a year, following the Medibank attack, though the extent of data exfiltration or ransomware involvement remained unconfirmed by official sources.