Cyberattack shuts down major Australian sugar mills, disrupting

Executive Summary

A cyberattack has forced Mackay Sugar, Australia's second-largest sugar producer, to shut down two of its three mills in Queensland's Mackay region, bringing the annual sugarcane harvest to a halt. The company confirmed the incident on Wednesday, June 10, 2026, and engaged external cybersecurity experts and local authorities to investigate and restore systems safely. The attack struck during the early weeks of the crushing season, disrupting operations at the Farleigh and Racecourse mills and prompting an immediate stop-harvest order for all growers supplying those facilities.

Technical Analysis

Mackay Sugar disclosed the cybersecurity incident via a public statement on Wednesday, noting that it had implemented temporary measures to maintain essential operations while recovery work proceeds. The company did not specify the nature of the attack — whether ransomware, data theft, or another form of malicious activity — nor did it release any indicators of compromise (IOCs) or attribute the incident to a specific threat actor. According to local media reports, the shutdown affected both sugar milling and cane haulage operations at the two facilities. Growers in the Marian district, whose cane is processed by Mackay Sugar's third mill, were not impacted because that mill had not yet begun its crushing season, per ABC News Australia.

The timing of the attack is particularly disruptive: the annual crushing season had only recently commenced, and any prolonged shutdown risks significant crop loss as harvested sugarcane deteriorates rapidly if not processed within 24 to 48 hours. Mackay Sugar generates over $420 million in annual revenue and supplies raw sugar to domestic customers and export markets including South Korea, Indonesia, Japan, and Malaysia. The company has not disclosed whether customer or employee data was compromised, nor whether a ransom demand was made.

Mitigations & Recommendations

Until Mackay Sugar releases technical details about the attack vector, defenders in the agricultural and critical infrastructure sectors should treat this as a reminder to harden operational technology (OT) environments. Specifically, organizations running industrial control systems (ICS) for milling, haulage, and logistics should ensure network segmentation between IT and OT networks, enforce multi-factor authentication on all remote access points, and maintain offline backups of process control configurations. The Australian Cyber Security Centre (ACSC) advises critical infrastructure operators to report incidents promptly and to review their incident response plans for scenarios involving prolonged operational downtime.