Maritime Computer Emergency Response Team ADMIRAL dataset ADMIRAL dataset

Publicly disclosed information for this event

Index Number:
A shipowner experiences a data breach following a possible intrusion.
Day Month Year Country Activity Incident Type
27 May 2017 Australia Shipowner Intrusion


The victim, a global entity employing around 4,000 individuals, operates within the maritime industry and is associated with a major international shipping conglomerate. It is known for providing marine solutions and has a significant presence in Australia, where the incident occurred.

According to sources, the victim experienced a cybersecurity breach between May 27, 2017, and March 1, 2018. It was only upon discovery that the victim acted swiftly to mitigate the theft within a span of five hours.

Unauthorized entities managed to auto-forward over 50,000 emails from the finance, payroll and operations departments to external accounts.


Svitzer Australia

Claimed/Reported Threat Actor




Main impact



Recommendations to Shipowner to reduce Intrusion risks:

  • Implement strong access controls and authentication mechanisms to limit unauthorized access, such as Multi Factor Authentication.
  • Regularly update and patch software and systems to address known vulnerabilities.
  • Use Network Intrusion Detection Systems (NIDS) to monitor and block suspicious activities.
  • Segment your network to limit lateral movement by attackers in case of a breach.
  • Educate your employees about phishing attacks and social engineering tactics to prevent credential theft.
Previous Next
Disclaimer: the data are provided as is. France Cyber Maritime and the M-CERT take no responsibility for the soundness, quality, precision, nor the eventual attribution made by the referenced URLs. We give a lot of respect and support to the victims of attacks.
Files generated on Monday, 11th December 2023.
ADMIRAL is licensed under the Creative Commons CC-BY-NC license. Copyright © France Cyber Maritime 2023.