Australian ports operator recovering after major cyber incident
One of Australia's largest port operators is resuming operations after being hit by a cyberattack late last week.
The Australian branch of the Dubai-based logistics company DP World, suspended operations at container terminals in several cities, including Sydney and Melbourne, after its systems were targeted in a cyber incident on Friday.
The company’s shutdown impacted imports and exports, leaving almost 30,000 shipping containers with consumer goods like electronics, clothing, and food stranded at ports this weekend, local media reported.
DP World said it expected to move around 5,000 containers from the four Australian terminals on Monday.
Although port operations have resumed, the incident is not over, according to the company’s statement.
“The ongoing investigation and response to protect networks and systems may cause some necessary, temporary disruptions to [ports] services in the coming days,” the statement said. “This is part of an investigation process and resuming normal logistical operations at this scale.”
Australia’s national cybersecurity coordinator, Darren Goldie, called the attack on DP World, which manages around 40% of goods going in and out of the country, “a nationally significant cyber incident.”
After detecting the attack last week, the company disconnected its systems from the internet to stop unauthorized access.
It is not yet clear which hacker group is behind the attack.
“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations,” Goldie said.
DP World Australia has resumed operations today following the cyber incident that impacted a number of ports around the country over the past few days.— National Cyber Security Coordinator (@AUCyberSecCoord) November 13, 2023
Although port operations have resumed, it does not mean that this incident has concluded.
The Australian Government is… pic.twitter.com/l3pDvO0G00
According to DP World Senior Director Blake Tierney, the attack hasn’t prevented containers from being taken off vessels, but trucks needed to transport them have not been able to enter or exit the terminals.
In an interview with the Singapore news channel CNA, Tierney said that the company is trying to restore normal operations "as quickly and safely as possible," and was investigating whether any personal information has been leaked during the hack.
The disruption is unlikely to impact Christmas shopping or the supply of goods to major Australian supermarkets, according to the reports. However, some exports may be delayed, Paul Zalai, director of the Freight and Trade Alliance told The Guardian.
DP World is also experiencing disruptions from the rolling stoppages at its docks by the Australian wharfies union, as reported by the Australian Financial Review (AFR). Unfazed by the hack, the union is also planning a 24-hour strike in Sydney on Friday.
According to AFR, the Australian ports operator had been facing shipping delays of up to 10 days even before the cyberattack due to more than a month of protests and work stoppages as workers were refusing to unload trucks.
DP World's hack occurred after an outage in Australia that affected its telecommunications provider, Optus. The outage left nearly half the population without internet or phone service last Wednesday. There is no evidence, however, that the latest Optus outage was due to a cyberattack.
With the growing number of cyberattacks in Australia, the government is taking steps to safeguard the country from hackers. For instance, telecommunications companies will now have to update the federal government on their cybersecurity measures, and there are plans to make it mandatory for businesses to report any ransom incidents, demands, or payments.
“It’s a lot of work to clean up the previous government’s mess, but we’re making vital reforms to make Australia a world-leading cyber-secure nation,” said Australia’s home affairs and cyber minister Clare O’Neil.
Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.