DP World cyberattack blocks thousands of containers in ports

A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.

DP World has an annual revenue of over $10 billion and specializes in cargo logistics, port terminal operations, maritime services, and free trade zones.

It is responsible for operating 82 marine and inland terminals in 40 countries. It handles about 70 million containers carried annually by 70,000 vessels, corresponding to roughly 10% of the global container traffic.

DP World has a significant presence in Australia, handling 40% of the nation’s container trade. It operates logistics terminals in the ports of Bing Bong, Fremantle, Brisbane, Sydney, and Melbourne.

According to a statement the firm shared with BleepingComputer, a cyberattack on Friday, November 10 disrupted landside freight operations at its ports.

In response, the company activated its emergency plans and engaged with cybersecurity experts to overcome problems caused by the incident. It is currently testing key systems required to resume normal business operations.

Since Friday, roughly 30,000 shipping containers of varying importance and value remained unmoved and crowded to the brim the available storage spaces. At the moment, operations are being restored gradually.

The estimated damages are in the millions of dollars, as many of the stranded containers hold time-sensitive goods such as blood plasma, wagyu beef, and lobsters.

The media statement also mentions the possibility of data access and exfiltration. However, an internal investigation is still ongoing and has not confirmed this.

“A key line of inquiry in this ongoing investigation is the nature of data access and data theft.” reads the media statement

“DP World Australia appreciates this development may cause concern for some stakeholders […and] is working hard to assess whether any personal information has been impacted, and has taken proactive steps to engage the Office of the Australian Information Commissioner," - DP World Australia

Data theft is typical in ransomware attacks as it puts more pressure on the victim to pay a ransom. At this time, the company did not make any statement about threat actors stealing files from its network.

At the time of writing, no known ransomware group has taken responsibility for attacking DP World.