Industrial · Easy · Real-world incident

DP World Australia — Ports Offline

DP World Australia is the country's largest port operator, handling around 40% of Australia's container freight across terminals in Sydney, Melbourne, Brisbane and Fremantle. As a designated critical infrastructure asset under the SOCI Act, DP World has obligations to maintain documented cyber security risk management practices and report incidents within 12 hours of discovery.

In November 2023, attackers exploited a known vulnerability in Citrix software (CVE-2023-4966, often called "Citrix Bleed") to gain initial access to DP World's corporate environment. The vulnerability had been publicly disclosed in October 2023, and a patch had been available for several weeks. DP World's documented patching policy required "high-severity vulnerabilities to be patched within 14 days of public disclosure", but the patch had not been applied at the time of compromise.

Once inside, the attackers exfiltrated employee data and triggered a precautionary network shutdown. To prevent further spread, DP World took its terminal operating systems offline for nearly three days, halting container movement at all four ports. Around 30,000 containers were stranded. The incident also exposed personal information of employees, including identity documents and tax file numbers.

Your task

Identify two stages of the Drift Model where this scenario shows clear drift, and justify each.

Pick two different stages and write at least 20 characters for each.