Global hacking group targets North Queensland cane producer

Global ransomware group reportedly claim cyber attack that shut down Mackay Sugar mills Thu 18 Jun 2026 at 1:46pm In short: The Gentlemen, a Russian-speaking hacking group, has reportedly claimed responsibility for a cyber attack on Australia's second largest raw sugar producer. Mackay Sugar is working to verify the claim and is planning a staged restart to operations at its Farleigh and Racecourse mills. What's next? Cyber security experts and industry leaders say the attack is a warning sign for Australia's agricultural sector. A Russian-speaking ransomware operation known as The Gentlemen has reportedly claimed responsibility on the dark web for a cyber attack that shut down two regional Queensland sugar mills for a week. The Racecourse and Farleigh mills have not been fully operational since June 10. Farleigh mill undertook a manual crush of cane harvested before the attack and both mills have run steam trials in preparation for a staged restart of operations. Cyber security expert Andrew Philp said while he could confirm The Gentlemen made the claim via a website hosted on the dark web, the attacker was not able to be independently verified. The Gentlemen is a Russian-speaking ransomware-as-a-service operation that emerged last year. A report published online by Check Point Research, an international cyber security software company, found while The Gentlemen had claimed attacks on 320 targets as of April, the actual number of victims was around 1,570. Australia was listed as the fourth-most-targeted nation. Mr Philp, from Australian cybersecurity advisory firm Trend AI, said while The Gentlemen had made the claim, there was minimal evidence to prove it was true unless authorities or Mackay Sugar were able to confirm it themselves. "The normal sort of method that a group will use is that they'll publish a little bit of data that sort of shows that they have been inside of the environment," he said. "Our researchers didn't see that in this case, which doesn't confirm things either way." The Queensland Police Service and Australian Federal Police declined to comment. Mackay Sugar tries to verify claims as farmers in limbo In a statement, Mackay Sugar said it had identified claims from an "external party" about the incident. "We are working urgently to verify these claims, including the nature and extent of any information which may have been accessed," a spokesperson said. The company said the news would not affect its plans to restart harvesting and mill operations by the end of the week. "We recognise the impact this incident is having on our growers, and we are doing everything we can to support them and to safely resume full operations as soon as possible," a spokesperson said. Many of the 1,300 farms that supply Mackay Sugar have paused harvesting since the attack. Charles Townley, who sends his cane to both the Racecourse and Farleigh mills, is worried financial losses are growing. He expects the lost week and further delays could be added on to the end of the milling season, when the weather is wetter and sugar content in his cane drops. "You're losing a fair bit of money over that week and a half you lost, when it gets added on to the end of the crushing," Mr Townley said. He said farmers were in regular contact with Mackay Sugar but his frustration with the situation was increasing. "Every day we lose now is a day extra at the end," he said. "We can't really afford that." A vulnerable sector Mr Philp said manufacturing, food and critical infrastructure organisations were increasingly targeted by cyber attackers looking to create "disruption". "In the case of Mackay Sugar, that's disrupting the processes that are running the sugar-crushing systems," he said. He said low cyber security budgets and resourcing in these sectors meant their technology was more vulnerable to attacks. "They don't necessarily get resourced the way that a large bank might be to do cyber security … and often they have a lot of very old technology," he said. "Ultimately, it makes them a prime target." Australian Sugar Manufacturers said cyber security would be at the top of the agenda at an upcoming meeting of industry leaders. "I think the big takeaway for industry is that it doesn't matter where you are in the supply chain, you can be a target for international cyber threats," CEO Ash Salardini said. "Even a non-consumer-facing business like Mackay Sugar can be hit." [Image text:] Ransomware Motivatior Target 90 Countries: PI3 Target Sectors ntry of Origin:Unknown Attack Typ