23 November, 2025
Cyber attacks expose vulnerabilities in Australia’s defence supply chain

A series of sophisticated cyber attacks targeting contractors in the defence industry supply chain has exposed significant vulnerabilities in Australia’s weapons programs, according to security analysts. The breaches, which occurred over the past week, have raised alarms about the security of Australia’s $7 billion Land 400 military program, following revelations that a hacker group shared sensitive material after allegedly infiltrating several Israeli defence companies.

The Cyber Toufan group, known for its cyber exploits, posted images and intricate details on Telegram concerning the Australian Defence Force’s (ADF) next-generation Redback infantry fighting vehicle. This vehicle, a key component of the Land 400 program, involves collaboration with Israeli weapons manufacturer Elbit Systems, which provides the vehicle’s advanced turrets.

Supply Chain Breaches and Ransomware Attacks

In a separate incident, the J Group ransomware gang claimed responsibility for a cyber attack on IKAD Engineering, a crucial player in the Australian defence sector. The hackers allege they maintained access to the company’s systems for five months, referring to their infiltration as a “staycation in the defence supply chain.” They claim to have obtained information related to Australian naval contracts, including the Hunter Class frigate and Collins Class submarine programs.

Gerard Dyson, CEO of IKAD Engineering, confirmed the breach, acknowledging that an “external third party” had accessed a portion of its internal IT systems. Although only “non-sensitive project information” and employee files were reportedly affected, cybersecurity experts warn that even such data could possess strategic value, serving as a “wake-up call” for the industry.

Hackers ‘At Home’ in Defence Systems

Ethical hacker Jamieson O’Reilly, founder of information security company Dvuln, expressed significant concern over the J Group’s intrusion into IKAD Engineering’s systems. “For the Australian defence ecosystem, the IKAD incident functions as a case study in supply chain exposure,” Mr. O’Reilly stated.

“We didn’t rush, we didn’t smash grab. We set up tools, moved laterally, dumped hashes, and just … lived there. For five months,” the hackers said.

Rahat Masood, a senior lecturer at UNSW’s School of Computer Science and Engineering, described the technique used as “data exfiltration,” in which data is moved from the network to another location and encrypted. “They clear the logs as well,” Dr. Masood noted, which makes it difficult to determine the duration and extent of their network access.

Australian Program Details Leaked

Cyber Toufan allegedly employed a similar tactic, claiming to have hacked 17 Israeli defence contractors after infiltrating supply chain company MAYA Technologies. The group boasted about obtaining “tens of terabytes” of data, including technical documents related to Israel’s Iron Dome and Laser Dome air defence systems. Among the leaks were images and 3D renderings of Australia’s Redback infantry fighting vehicles.

Retired Major General Marcus Thompson, former leader of the Department of Defence’s Information Warfare Division, expressed concern over the breach. “There are aspects of the Redback vehicle that the Australian Army wouldn’t want known publicly, or certainly not known to a potential adversary,” he told the ABC.

Hanwha Defence Australia, contracted to deliver 129 locally-built Redback vehicles, refrained from commenting as investigations continue. Elbit Systems, however, stated that no classified security materials had been compromised, although it is conducting a thorough investigation.

Non-Sensitive Data Holds Strategic Value

Mr. O’Reilly emphasized the importance of recognizing the potential misuse of all types of data. “Smaller engineering firms often provide specialized services and hold sensitive operational context even if they do not handle classified technical data,” he explained.

“When an adversary compromises a supplier, they gain access to the language, patterns, and relationships that connect organizations across the supply chain,” he said. “That information can be used to build credible approaches to higher tier targets.”

IKAD Engineering has notified the Australian Cyber Security Centre, the Australian Federal Police, and the Defence Industry Security Program. The Defence Department has yet to comment on the situation.

ASIO Warns of State-Backed Threats

The cyber attacks come amid repeated warnings from ASIO director-general Mike Burgess about intensified espionage threats facing Australia’s defence industry. “Multiple countries are relentlessly seeking information about our military capabilities,” he stated in a security assessment earlier this year.

Katherine Mansted, executive director of cyber intelligence at CyberCX, suggested that Cyber Toufan might have links to Iran, given the scale and tactics of its operations. “Cyber Toufan is part of a relatively new phenomenon in this kind of scene, which is the growth of hacktivist groups,” Ms. Mansted explained.

These groups, often backed by foreign governments, engage in disruption attacks or release sensitive information to embarrass targets or influence conflicts. The rise of hacktivists represents a global phenomenon, with many targeting Australian interests through supply chain vulnerabilities.

Retired Major General Thompson stressed the need for enhanced security measures across defence supply chains. “You’re only as strong as your weakest link,” he remarked. “Defence should really be holding their contractors’ feet to the fire.”

As the investigation unfolds, the incidents serve as a stark reminder of the evolving threats facing national security and the critical importance of robust cybersecurity measures in safeguarding sensitive defence information.