Austal (shipbuilder, Australia)

In October 2018, Austal, an Australian shipbuilder, fell victim to a ransomware and hacking attack orchestrated by Middle Eastern hackers. The attackers gained access using weak login credentials (e.g., *‘Password123’* or *‘Austal123’*) purchased from a dark web forum. Once inside, they exfiltrated data, including staff email addresses, mobile phone numbers, and ship drawings (non-sensitive customer/sub-contractor designs). The hackers attempted extortion by threatening to sell the stolen data online and demanding a ransom. While Austal confirmed no commercially sensitive or national security-related information was compromised, the breach forced the company to shut down all external ports to contain the attack. The incident did not disrupt ongoing operations, but it exposed vulnerabilities in credential security and highlighted risks of dark web-sourced cyber threats. The Australian government responded by reinforcing deterrence against malicious cyber activity.

Source: https://www.itnews.com.au/news/shipbuilder-austal-was-hacked-with-stolen-creds-sold-on-dark-web-546165

TPRM report: https://www.rankiteo.com/company/austal-

"id": "aus707092025",
"linkid": "austal-",
"type": "Ransomware",
"date": "10/2018",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Defense/Manufacturing',
                        'location': 'Australia',
                        'name': 'Austal',
                        'type': 'Shipbuilder'}],
 'attack_vector': ['stolen credentials', 'weak passwords'],
 'customer_advisories': 'Company confirmed no commercially sensitive or '
                        'national security-related data was compromised.',
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['emails',
                                        'mobile numbers',
                                        'CAD drawings'],
                 'personally_identifiable_information': ['email addresses',
                                                         'mobile phone '
                                                         'numbers'],
                 'sensitivity_of_data': 'Low (no commercially sensitive or '
                                        'national security-related data '
                                        'compromised)',
                 'type_of_data_compromised': ['personal data (email addresses, '
                                              'phone numbers)',
                                              'technical data (ship '
                                              'drawings)']},
 'date_detected': '2018-10',
 'date_publicly_disclosed': '2018-10',
 'description': 'In October 2018, Austal shipbuilder in Australia was targeted '
                'by a hacking/ransomware attack. Hackers from the Middle East '
                'used weak login credentials purchased on a dark web forum to '
                "infiltrate the company's systems. The attackers exfiltrated "
                'data, including staff email addresses, mobile phone numbers, '
                'and ship drawings, and attempted extortion by threatening to '
                'sell the stolen materials online. Austal shut down external '
                'ports to contain the attack. The stolen credentials were '
                "reportedly weak (e.g., 'Password123' or 'Austal123'). The "
                'company confirmed no commercially sensitive or national '
                'security-related data was compromised, and operations '
                'remained unaffected.',
 'impact': {'data_compromised': ['staff email addresses',
                                 'mobile phone numbers',
                                 'ship drawings (non-sensitive)'],
            'identity_theft_risk': 'Low (limited to email addresses and phone '
                                   'numbers)',
            'operational_impact': 'None (company confirmed no impact on '
                                  'ongoing operations)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (attempted '
                                                    'extortion by offering '
                                                    'materials for sale)',
                           'entry_point': 'Stolen credentials purchased on '
                                          'dark web forum',
                           'high_value_targets': ['ship drawings',
                                                  'staff personal data']},
 'motivation': ['financial gain', 'extortion', 'data theft'],
 'post_incident_analysis': {'root_causes': ["weak credentials ('Password123', "
                                            "'Austal123')",
                                            'credentials available on dark '
                                            'web']},
 'ransomware': {'data_exfiltration': True, 'ransom_demanded': True},
 'response': {'containment_measures': ['shut down all external ports'],
              'incident_response_plan_activated': True},
 'threat_actor': 'Hackers located in the Middle East',
 'title': 'Austal Shipbuilder Ransomware and Data Theft Attack (2018)',
 'type': ['ransomware', 'data breach', 'hacking', 'extortion'],
 'vulnerability_exploited': "Weak or default credentials ('Password123', "
                            "'Austal123') purchased on the dark web"}