Cyber Incident Victim: Australia
Date: Nov 2023
Location: Australia
Summary
A cybersecurity breach at DP World disrupted operations across major Australian ports, prompting closures and restricted landside access while investigations by the Australian Federal Police and technical assistance from the Australian Cyber Security Centre are underway. The incident impacted container terminal functions, hindering truck movements and threatening prolonged delays to import and export logistics, though ship movements remained unaffected. The government activated its national crisis management framework to coordinate response efforts across federal, state, and industry stakeholders, with disruptions expected to persist for multiple days.
Description
On November 10, 2023, DP World Australia detected a cybersecurity incident affecting its container terminals in Sydney, Melbourne, Brisbane, and Fremantle, prompting an immediate shutdown of landside port operations that evening. The Australian Federal Police initiated an investigation into the breach, while DP World restricted all landside access to its Australian facilities to protect employees, customers, and networks during the ongoing probe. The company confirmed active efforts to contain the incident and assess impacts on systems and data, though specific technical details of the attack vector or attacker identity remained undisclosed. By November 11, the Australian government activated the National Coordination Mechanism (NCM), a crisis management framework previously utilized during COVID-19 and the 2022 Medibank data breach, to coordinate federal, state, and industry responses. Home Affairs Minister Clare O’Neil confirmed regular briefings with DP World to evaluate operational disruptions, while National Cyber Security Coordinator Air Marshal Darren Goldie warned that port interruptions would persist for multiple days, significantly impeding the movement of goods into and out of the country.

The Australian Signals Directorate’s Cyber Security Centre provided technical assistance to DP World, though maritime operations at Fremantle Port continued unaffected as only landside truck movements through DP World’s laydown areas were disrupted. Fremantle Ports clarified that rival operator Patrick Stevedores experienced no issues, and DP World’s ship-loading cranes remained operational despite the cybersecurity restrictions. Nigel Phair, Director of UNSW’s Institute for Cyber Security, publicly speculated that ransomware actors likely demanded payment, suggesting recovery could take weeks if no ransom was paid. The NCM convened its first meeting on November 11 and scheduled a follow-up session for November 12, maintaining the framework’s established role in managing non-health crises since its 2018 inception. DP World’s prolonged operational suspension threatened supply chain delays across import and export sectors, mirroring disruptions observed during prior NCM activations for floods and cyber incidents.
