A cyberattack forced Mackay Sugar, Australia’s second-largest sugar producer, to shut down sugar milling and cane haulage at its Farleigh and Racecourse mills in Queensland’s Mackay region, disrupting harvesting operations across the area. Growers were told to cease harvesting immediately, and the company said it was using fallback measures to return cane trains already on the tracks to factories while prioritizing staff safety, business continuity, and the safe restoration of affected systems.
Mackay Sugar said it had engaged cybersecurity specialists and local authorities to investigate the incident and support recovery, but it did not disclose the attack type, whether data was compromised, or when the two mills would restart. Industry representatives said the outage was damaging for growers, though less severe than a disruption later in the crushing season, and the company’s third mill at Marian remained unaffected because it had not yet begun crushing operations.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
6 events from the most recent confirmed update back to the earliest known activity.
Mackay Sugar said it found evidence that an external party accessed parts of its IT environment following the cyberattack. The company said it was working to verify whether any data was accessed while restoration efforts continued.
As of 2026-06-15, Mackay Sugar said it was making progress restoring systems that support cane supply, harvesting, and mill operations. The company reported steam trials were underway and a staged restart was expected later in the week, while growers and harvesters were told not to resume harvesting until further notice.
On 2026-06-15, the ransomware group The Gentlemen claimed responsibility for the Mackay Sugar incident by listing the company on its Tor-based leak site. SecurityWeek reported that no data had been leaked at the time of reporting.
By 2026-06-12, Mackay Sugar had resumed limited manual operations at one of its mills while restoration work continued with assistance from cybersecurity experts. The broader disruption still left two of the company's three mills offline during the peak crushing season.
Mackay Sugar said it was responding to the incident by engaging cybersecurity experts and local authorities to investigate and restore systems safely. The company also implemented temporary or fallback measures to maintain essential operations, including returning cane trains already on the tracks to factories.
A cybersecurity incident disrupted Mackay Sugar's operations, forcing the shutdown of the Farleigh and Racecourse mills in Queensland's Mackay region and suspending sugar milling and cane haulage. Growers were told to cease harvesting early Wednesday as the outage affected harvest operations.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
11 references tracked. Mallory keeps watching after this page renders.
therecord.media
Open sourcemkysugar.com.au
Open sourcetheregister.com
Open sourcescworld.com
Open sourcecysecurity.news
Open sourcemkysugar.com.au
Open sourceabc.net.au
Open sourcetherecord.media
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.