Pro-Russian Hackers Breach Australian Defence Supplier IKAD Engineering in Supply-Chain Attack
In a carefully orchestrated supply-chain attack, the pro-Russian hacktivist collective known as “J Group” has penetrated IKAD Engineering, a critical second-tier subcontractor on Australia’s $1.5 billion Land 400 Phase 3 Redback infantry fighting vehicle program. The breach exposes the fragility of smaller defence manufacturers that sit at the heart of Canberra’s sovereign capability ambitions.
The Breach: Timeline and Technical Details
On the evening of 18 November 2025, J Group published a detailed claim of compromise on their Telegram channel and dark-web leak site. The group posted screenshots showing full administrative access to IKAD’s domain controllers, multiple file servers, and a legacy VPN appliance still running end-of-life software.
Independent researchers who reviewed the leaked screenshots confirmed the presence of genuine internal folder structures, including directories labelled “Redback Project – Hanwha”, “Quality Assurance Documentation”, “Employee HR Files 2024-2025”, and “Supplier Contracts”. Several sample documents containing engineering drawings and bills of materials were also released as proof.
According to posts by J Group, initial access was achieved approximately six weeks earlier through stolen credentials belonging to a senior project manager. The credentials, likely harvested in an earlier unrelated breach or via infostealer malware, granted entry to an outdated Pulse Secure VPN instance that had not been patched against known vulnerabilities from 2021-2023.
Once inside, attackers escalated privileges using publicly available exploit code for a Windows Print Spooler vulnerability and moved laterally via Remote Desktop Protocol to engineering workstations and file servers. There is no evidence that multi-factor authentication was enforced on the compromised VPN or internal RDP jump hosts.
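The following added example (not from the article or from any party to the incident) shows how a defender could correlate VPN session records with Windows logon events (event ID 4624, logon type 10 for RDP) to flag one VPN-assigned address opening RDP sessions on several hosts, raising severity when the VPN session had no MFA. The log records, field names, host names and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data, not taken from the incident. Field names are assumptions.
VPN_SESSIONS = [
    {"user": "pm.senior", "vpn_ip": "10.8.0.23", "mfa": False, "start": "2025-01-10T22:14:00"},
    {"user": "eng.lee",   "vpn_ip": "10.8.0.31", "mfa": True,  "start": "2025-01-10T08:02:00"},
]

# Windows Security log reduced to: time, host, event id, logon type, account, source IP.
LOGONS = [
    ("2025-01-10T22:20:11", "ENG-WS-04", 4624, 10, "pm.senior", "10.8.0.23"),
    ("2025-01-10T22:31:40", "ENG-WS-07", 4624, 10, "pm.senior", "10.8.0.23"),
    ("2025-01-10T22:47:02", "FILE-01",   4624, 10, "svc.admin", "10.8.0.23"),
    ("2025-01-10T08:10:00", "ENG-WS-02", 4624, 10, "eng.lee",   "10.8.0.31"),
    ("2025-01-10T22:25:00", "ENG-WS-04", 4624, 3,  "pm.senior", "10.8.0.23"),  # network logon, not RDP
]

def rdp_fanout(sessions, logons, window=timedelta(hours=2), min_hosts=3):
    """Flag VPN sessions whose assigned address completes RDP logons
    (4624, type 10) on at least `min_hosts` distinct hosts within `window`."""
    findings = []
    for s in sessions:
        start = datetime.fromisoformat(s["start"])
        hosts = set()
        for ts, host, event_id, logon_type, _account, src_ip in logons:
            # Key on source IP, not account: after privilege escalation the
            # intruder may switch to a different account from the same address.
            if event_id != 4624 or logon_type != 10 or src_ip != s["vpn_ip"]:
                continue
            if start <= datetime.fromisoformat(ts) <= start + window:
                hosts.add(host)
        if len(hosts) >= min_hosts:
            findings.append({
                "user": s["user"],
                "vpn_ip": s["vpn_ip"],
                "hosts": sorted(hosts),
                # A fan-out from a session that never passed MFA is the worse case.
                "severity": "medium" if s["mfa"] else "high",
            })
    return findings

if __name__ == "__main__":
    for finding in rdp_fanout(VPN_SESSIONS, LOGONS):
        print(finding)
```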
What Was Taken
J Group claims to have exfiltrated more than 800 gigabytes of data. Among the highlighted material:
- Detailed machining drawings and tolerance specifications for Redback turret components manufactured by IKAD
- Complete supplier and subcontractor contact lists for the South Australian segment of the program
- Internal test reports and non-conformance records submitted to Hanwha Defense Australia
- Personal information of approximately 180 current and former employees, including passport scans and tax file numbers
- Financial records and pricing schedules for Redback-related contracts
While the Department of Defence maintains that no classified information resided on IKAD systems, multiple cybersecurity experts have described the stolen engineering data as “extremely valuable” to any adversary seeking to understand Australian armoured-vehicle capabilities or identify potential sabotage points.
“Unclassified does not mean unimportant. Technical data packages at this level of detail allow an opponent to model performance, identify material weaknesses, or even prepare targeted supply-chain interdiction,” explained Tom Uren, senior analyst at the Australian Strategic Policy Institute (ASPI).
Who is J Group?
J Group emerged in early 2023 as a pro-Russian hacktivist entity that blends ideological rhetoric with sophisticated access-broker techniques. The group has previously claimed responsibility for breaches against NATO contractors in Poland, critical-infrastructure operators in the Baltic states, and multiple Australian mining and logistics firms.
Western intelligence agencies assess J Group as operating with at least tacit approval from Russian military intelligence, using the “hacktivist” label to provide plausible deniability. Their targeting has become noticeably more militarily focused since Australia committed to delivering additional Bushmaster vehicles and M777 howitzers to Ukraine in 2024 and 2025.
Immediate Fallout and Response
Hanwha Defense Australia, the prime contractor for the Redback program, confirmed it is working with IKAD and the Australian Cyber Security Centre (ACSC) to contain the incident. All network connections between IKAD and the broader Redback ecosystem were severed within hours of the public claim.
South Australian Premier Peter Malinauskas described the breach as “a serious national security incident” and announced an immediate audit of cybersecurity practices across every local company involved in major defence projects.
At the federal level, Defence Industry Minister Pat Conroy has convened an emergency roundtable with peak industry bodies to accelerate the rollout of the Defence Industry Security Program’s new cybersecurity maturity requirements, originally scheduled for voluntary adoption in 2027.
Why This Matters Beyond IKAD
The Redback program is not just another armoured-vehicle acquisition; it is the flagship project for Australia’s push toward sovereign guided-weapons and protected-mobility manufacturing under AUKUS Pillar 2 and the 2024 National Defence Strategy.
IKAD Engineering, while modest in size, sits at a critical node: it is one of only a handful of Australian firms certified to produce the high-strength steel weldments required for the Redback’s hull and turret ring. Any prolonged disruption or compromise at IKAD could delay deliveries to the Australian Army’s 129th Armoured Regiment.
More broadly, the incident underscores a structural weakness that has worried analysts for years: Australia’s defence primes (BAE Systems Australia, Thales, Hanwha, Boeing) have invested heavily in cybersecurity, but the hundreds of small-to-medium enterprises in their supply chains often operate with minimal protections and limited budgets.
Looking Ahead
Cybersecurity firms are already warning clients of likely follow-on phishing campaigns targeting other Redback and Boxer CRV subcontractors using credentials and intelligence gleaned from the IKAD breach.
For its part, IKAD Engineering has engaged Mandiant and the Australian Signals Directorate’s Cyber Incident Response Team. The company issued a brief statement acknowledging the incident and pledging full cooperation with authorities.
As Canberra races to build a more resilient defence industrial base capable of operating in contested environments, the compromise of a suburban Adelaide machine shop serves as a stark reminder: in 2025, the front line of national security runs through the servers of companies most Australians have never heard of.
The Redback vehicles will still roll off the production line in South Australia, but from now on they will do so under the watchful eye of adversaries who already hold copies of the blueprints.