Cyberattack keeps Australian Ports offline as containers pile up

SYDNEY : Australia is assessing the logistical impact of a cyberattack that has paralyzed some of its biggest ports since Friday and said interruptions will continue for several more days, a mass closure that threatens to disrupt supply chains across the country and globally.

DP World Plc said on Sunday that it has made “significant progress” in re-establishing freight operations after a hack forced it to restrict access to four of the nation’s largest ports. Still, its IT system remains disconnected from the internet since the hack was detected Friday, severely impacting operations, according to the government.

DP World Australia hasn’t received a ransom demand, the Australian Financial Review reported, citing company official Nicolaj Noes who oversees the Oceania business. It doesn’t know which organization is responsible for the attack or where the hackers are from, the paper quoted him as saying.

“While I understand there is interest in determining who may be responsible for the cyber incident, our primary focus at this time remains on resolving the incident and supporting DP World to restore their operations” and recommence cargo shipments, the government’s National Cybersecurity Coordinator Darren Goldie wrote on X. “We are continuing to develop our understanding of the flow on impacts to Australia’s logistics system.”

DP World, one of the world’s largest port operators, is the latest victim in a string of devastating, high-profile cyberattacks globally this year. Last week, Industrial & Commercial Bank of China Ltd. — the world’s biggest lender by assets — was struck by a ransomware attack that blocked some Treasury market trades from clearing and forced brokers to reroute transactions.

Ransomware hackers install malware on their victims’ systems, holding them hostage until they receive payment. It wasn’t immediately clear whether ransomware was behind the attack on DP World, one of the world’s largest facilitators of global trade.

The disruptions at ports in Sydney, Melbourne, Brisbane and Fremantle threatened to hobble supply chains that were already working to fully recover from the effects of the Covid-19 pandemic. The attack also comes as DP World’s operations are embroiled in an on-going strike by the Maritime Union of Australia over wages and better work conditions.

‘Serious Risk’

DP World manages almost 40% of goods flowing in and out of Australia and “this incident is a reminder of the serious risk that cyber attacks pose to our country, and to vital infrastructure we all rely on,” Home Affairs Minister Ms. Clare O’Neil wrote in posts on X. Authorities are “working to ensure our ports and transport networks keep working while DP World resolves the incident,” she said.

About 30,000 containers of goods are stuck from moving in and out of the DP World terminals, the Australian Financial Review said. Ships can still load or unload containers but trucks cannot get into terminals to pick up or drop off their consignments because the systems are offline, it said.

“DP World today advised the Australian government that the timeframe for interruptions to continue is likely to be a number of days, rather than weeks,” Goldie said Sunday.

Police are still investigating the cyberattack, Goldie said. DP World Australia is working to assess whether any personal information has been impacted, and has taken “proactive steps” to engage the Office of the Australian Information Commissioner. The operator said it had been collaborating with cybersecurity experts.

“A key line of inquiry in this ongoing investigation is the nature of data access and data theft,” the company said in a statement Sunday. “DP World Australia appreciates this development may cause concern for some stakeholders.”

DP World Australia said its top priority was the secure and safe restoration of terminal operations. The company’s teams are testing key systems that are crucial for the resumption of normal operations and regular freight movement, it said, adding it will provide updates once the phase is complete.

To facilitate the flow of some freight, the company has “activated its robust business continuity plan and is collaborating with industry partners, including other ports and terminal operators,” it said. “DP World Australia is working closely with government and private sector stakeholders to identify and retrieve sensitive inbound freight.”

String of Cyberattacks

This isn’t the first time hackers have targeted major ports. In July, Japan’s biggest maritime port was hit by the notorious hacking gang Lockbit, a ransomware group with Russian ties that was also behind this week’s ICBC attack. A month earlier, several Dutch ports including Amsterdam and Groningen faced distributed-denial-of-service attacks, known as DDoS.

In 2021, South Africa’s port and rail company was struck by a ransomware attack that forced it to declare force majeure at container terminals and switch to the manual processing of cargo.