Australian Government Monitors Significant Stevedore Cyber Attack

Written by staff writer.

Australia’s Cyber Security Coordinator says the Australian government is working with seaport terminal operator DP World Australia to resolve what he calls a serious and ongoing “nationally significant cyber incident.”

Air Marshal Darren Goldie released a statement on November 12, 2023, two days after unidentified hackers breached DP World Australia’s cyber defences. The state-owned Dubai-based multinational stevedoring company handles around 10% of the world’s container traffic and 40% of Australia’s container traffic, including those passing through Melbourne, Sydney, Brisbane and Fremantle ports.

DP World Australia cut off internet access on November 10 in a bid to thwart the attack. In the process, it shut down its Australian port operations and halted the movement of a reported 30,000 containers. While DP World Australia has not yet disclosed the nature of the attack or what data was stolen, it is known that the breach affected systems that managed the transfer of containers between ships and trucks. Some limited operations were beginning to occur on November 12.

“DP World Australia appreciates this development may cause concern for some stakeholders,” said the company on the weekend. “DP World Australia is working hard to assess whether any personal information has been impacted and has taken proactive steps to engage the Office of the Australian Information Commissioner. Currently, DP World Australia teams are testing key systems crucial for the resumption of normal operations and regular freight movement.”

The Australian government rapidly ramped up its involvement, holding a crisis meeting on Saturday to coordinate a response. Further meetings between the stevedoring business, law enforcement officials, and government agencies continued over the weekend. “The government is receiving regular briefings and is working with DP World Australia to understand the impacts of this incident and enable engagement across government,” said Cyber Security Minister Clare O’Neil. The minister added that Air Marshal Goldie is leading the government’s response. On Sunday afternoon, Goldie said DP World Australia’s operations remained offline. DP World Australia confirmed they had not received a ransom demand.

“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations,” he said, adding that the latest advice from the company is that operational disruptions may continue for several more days.

The cyberattack threatens to upset further already strained supply chains in the lead-up to the Christmas holidays. DP World Australia says it is working to retrieve any sensitive inbound freight.

The attack is the latest in a line of port terminal operator breaches in the past several months, including the July LockBit ransomware attack on the Port of Nagoya and the September DDoS attacks on the Dutch ports of Amsterdam and Groningen.

“Today (Sunday), I co-chaired a meeting of the National Coordination Mechanism, together with the National Emergency Management Agency (NEMA), to consider and address impacts arising from the cyber incident,” said Goldie “The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is engaged with DP World Australia and is providing technical advice and assistance. The Australian Federal Police has commenced investigations into the incident.”

The Australian government recently released a review into critical infrastructure security risks, including cybersecurity risks. On the weekend, answering questions on the DP World Australia breach, Deputy Prime Minister Richard Marles said the government had a “huge focus” on cybersecurity. “Incidents like this just highlight how dependent we are upon the cyber realm,” he said. “