Mackay Sugar, Australia’s second-largest raw sugar producer, disclosed a cyberattack on June 10, 2026, that disrupted operations across its Queensland milling facilities during the height of the annual crushing season, forcing growers and harvesters to halt deliveries and leaving cut cane with nowhere to go.
The company, which operates three sugar mills in the Mackay region of North Queensland and produces roughly 700,000 tonnes of raw sugar each year, said it activated its response immediately upon discovering the breach.
“Mackay Sugar is responding to a cyber security incident affecting some of our operations,” the company stated. “Our immediate focus is the safety of our people, protecting operational systems, and maintaining business continuity.”
Two of the company's three mills, which are Farleigh, Marian, and Racecourse, appeared to have been taken offline by the attack. The company engaged external cybersecurity experts, notified relevant authorities, and stood up manual workarounds to sustain critical functions. It did not identify which systems were compromised, whether operational technology was directly involved, or whether any data was taken.
By June 12, Mackay Sugar had restarted limited manual crushing at Farleigh Mill, though only to process cane that had already been harvested before the incident. No new cane was being accepted at any of its mills, as the systems coordinating cane delivery, harvesting logistics, and mill intake remained offline.
In an update published June 15, the company reported meaningful but incomplete progress. “Significant progress has been made over the weekend in restoring the systems that support cane supply, harvesting and mill operations,” Mackay Sugar said. “Steam trials are now underway, and subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week.”
Steam trials involve testing boilers and processing equipment to confirm safe operation before resuming full production. Growers and harvesters were told to hold off on resuming activity until further notice.
“We recognise the impact this incident is having on our growers, and we are doing everything we can to support them and to safely resume full operations as soon as possible,” the company added.
The Gentlemen ransomware group, tracked by Microsoft under the designation Storm-2697, claimed responsibility for the attack and listed Mackay Sugar on its Tor-based data leak site on June 15. No data had been published as of that date, a circumstance that typically indicates ransom negotiations are still underway.
The group emerged as a ransomware operation in September 2025 and had listed 483 alleged victims on its dark-web site by June 13, 2026, with 380 of those added in 2026 alone. That volume places it as the second most prolific ransomware operation of the year by published victim count, behind only the Qilin group. A leak of the group’s internal chat logs in May 2026 gave researchers at cybersecurity firm KELA a rare view into its structure, revealing nine core members, AI-assisted tooling, and an access model relying heavily on credentials obtained through commodity infostealer malware.
The group operates on an affiliate model in which a core team builds and maintains the ransomware and negotiation infrastructure while external operators conduct intrusions and retain 90 percent of each ransom paid.
It remains unclear whether the attackers accessed industrial control systems directly or whether operational technology was disrupted as a secondary consequence of IT systems going down. Mackay Sugar’s public statements have not addressed the question of potential data compromise.
