Mackay Sugar halted operations after a June 10 cyber security incident
Mackay Sugar, the second-largest sugar producer in Australia and based in Queensland, disclosed a cyberattack on June 10 and curtailed operations while it handled the fallout. The company said some operations remain restricted, but it managed to perform manual crushing at its Farleigh Mill using cane that had been harvested before the attack. Steam trials were reported to be underway, and, "subject to final validation activities, some harvesting is expected to recommence this week in preparation for the staged restart of crushing operations later this week," the company added.
Immediate production and energy consequences at three mills
The company operates three mills across Queensland. Two — Racecourse Mill and the Farleigh Mill — were operating at limited capacity because of the incident; the company's largest and most productive factory, Marian Mill, was unscathed. Racecourse Mill was described by the company as "the heart of the business and home to its corporate offices." Racecourse typically generates 213,000 tons of raw sugar and 58,000 tons of molasses a year; its cogeneration plant produces 156,000 MWhs of renewable electricity a year, around 71 percent of which is sent back into the national electricity grid. Farleigh, Mackay Sugar’s oldest mill, typically produces around 196,000 tons of raw sugar and 49,000 tons of molasses per year.
Why growers were told to keep cane in the ground
Mackay Sugar advised growers not to harvest their crops for the time being. The company noted that sugar producers need to process cane within 48 hours of harvest to preserve high sucrose content and overall yield. Delaying processing beyond that window can allow sucrose to convert to simple sugars, cause unwanted fermentation and lower yields. The company acknowledged the financial implications for growers, saying, "We recognise the impact this incident is having on our growers, and we are doing everything we can to support them and to safely resume full operations as soon as possible." The disruption also affects the railways used to move cane from farms to mills, further complicating the logistics of any staged restart.
The Gentlemen claimed responsibility; technical profile from Microsoft researchers
Cybercrime group The Gentlemen posted Mackay Sugar to its data leak site and claimed responsibility without providing details about the attack or whether data was stolen for extortion. Cyber threat intelligence professionals first spotted The Gentlemen in July 2025 and classified it as a ransomware-as-a-service provider. The Mackay Sugar statements refer to the event only as a "cyber security incident," and there is no evidence in company statements that ransomware was used in this attack.
Microsoft’s researchers, who published a deep dive last month, have documented the group’s capabilities. Microsoft noted that The Gentlemen affiliates have access to a powerful file encryptor that self-propagates, which "increases the likelihood of widespread impact once initial access is achieved." Microsoft’s report also said the group had recently established a partnership with BreachForums to recruit affiliates with different skillsets, such as penetration testers and initial access brokers. The Gentlemen are known for using file‑encrypting malware in double extortion attacks, though the company did not cite ransomware in its public statements regarding Mackay Sugar.
How technologists, growers, and rail operators are likely to respond
- Technologists and security teams: Mackay Sugar has said it is "communicating directly and regularly with our employees, growers, and key partners" and is committed to restoring systems safely. Technology teams will prioritise system validation (itself reflected in the steam trials and staged restart) while investigating the incident further.
- Growers and farm income planners: With the company advising growers not to harvest and noting the 48‑hour processing window, growers face a trade-off between preserving cane quality and complying with a temporary moratorium; the company acknowledged the potential income impact and said it would "do everything we can to support them."
- Rail operators and logistics partners: Interrupted harvesting and limited mill operations affect rail schedules and throughput. Operators will need to coordinate closely with Mackay Sugar and growers as harvesting recommences in stages to avoid bottlenecks and wasted crop.
Mackay Sugar’s public statements emphasise both operational caution and accountability: "We take our responsibility to protect our systems, operations, and information very seriously. We apologise for any disruption this incident has caused and will continue to provide updates as we continue our investigation." For now those updates will determine whether manual crushing and staged restarts can fully compensate for the lost processing window, and whether growers will face diminished quality and income from cane left longer in the ground.
