Close this search box.

‘State actor’ possibly behind Nine Network cyber attack


Possibly the largest cyber attack on a media company in Australia’s history

Nine Entertainment’s broadcast and corporate business units were disrupted by a “cyber attack” early on Sunday morning, with the effects still being felt.

A “state actor” is the likely culprit behind the crippling cyber attack on the Nine Network, one geopolitical security expert has already said.

The Network is at the centre of possibly the largest cyber attack on a media company in Australia’s history, which brought network’s news production systems around the country to a grinding halt for more than 24 hours.

Major Australian law firm Allens, the Reserve Bank of New Zealand and the Australian Securities and Investment Commission are among other companies to be hit by the attacks, which are part of a spate of new threat activity.

Fergus Hanson, of the Australian Strategic Policy Institute, told the Network’s Today show that the fact ransomware was used but no ransom demanded pointed to a government behind the incident.

The company, which operates free-to-air stations such as Channel 9, confirmed the attack on Sunday evening, after earlier refusing to confirm or deny it had been hit.

The attack has taken down computer systems at Nine Sydney, which is located in North Sydney.

Reuters earlier reported that the company was trying to get its 6pm news bulletin done in Melbourne using a server that had not been compromised.

Earlier live broadcasts from Sydney were cancelled through the morning and replaced with either pre-recorded or interstate content, something unprecedented in recent memory.

Nine said its email systems did not appear to be impacted by the attack.

The Sydney Morning Heraldwhich is owned by Nine, reported the infection as “some kind of ransomware” attack, albeit using a malware strain or method not previously seen in Australia.

The infection is believed to be ransomware and impacted several thousand machines.

As at the time of this article, no group has claimed responsibility nor posted a ransom demand.

Investigators from the Australian Cyber Security Centre have been called in to investigate further and assist with the company’s recovery efforts.

A tweet by the Nine News twitter channel indicated that the company was also suspicious of potential state-actor intervention, making it the latest intriguing chapter in state-based threat actors’ activities in Australia.

A tweet by the Nine News account
Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.


Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235


Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →



Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution



A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →