A hacking group believed to have ties to Iran has claimed responsibility for a massive cyberattack that exposed information linked to Australia’s $7 billion Land 400 defence program. The group, known as Cyber Toufan, says it accessed the data after breaching several Israeli defence companies.
Cyber Toufan, a pro-Hamas group, shared the stolen material on Telegram. Among the leaked files were images and details about the Australian Defence Force’s (ADF) Land 400 upgrade program, which includes the Redback infantry fighting vehicle being developed by Hanwha Defence Australia, a subsidiary of South Korea’s Hanwha Defence.
The hackers claimed to have breached 17 organisations linked to Israel’s defence industry, stealing tens of terabytes of personal, technical, and administrative data, including audio and video recordings.
How the Cyberattack Happened
According to Cyber Toufan, the intrusion began through Maya Engineering, an Israeli firm that works closely with defence contractors. The group said it had full access to Maya’s network for more than a year, exploring its systems and connected devices before reaching larger companies, including Elbit Systems and Rafael Advanced Defense Systems.
In their posts, the hackers said they had breached phones, routers, printers, and cameras, and even recorded internal meetings with sound and video. They claimed to have reached QNAP archives containing information from Elbit and Rafael.
Cyber Toufan published security camera images, office photos, and personnel footage from Maya Engineering and its partners. The group alleged these included employees from Elbit, Rafael, Israel Aerospace Industries (IAI), and the Israeli Ministry of Defense, describing them as part of a “blacklist.”
The hackers also claimed to have accessed and downloaded data about major Israeli defence systems such as the Iron Dome, Laser Dome, David’s Sling, and Arrow, along with missile programs like Jericho, Spike, Gabriel, and Sea Breaker. They said they also obtained information about Israeli tanks, drones, and armoured vehicles, including the Achzarit and Leopard.
Leaked ADF Program Details and Global Concerns
Among the leaked material, Cyber Toufan posted details of the ADF’s Land 400 program, showing images of the Redback armoured vehicle, its Iron Vision system, and remotely operated turret. The group also shared what appeared to be blueprints of vehicle components, claiming these came from Maya Engineering’s archives.
Cyber Toufan said the designs they obtained were linked to projects developed in cooperation with several countries and valued at hundreds of millions of dollars. They added that only part of the data had been released and warned that more could follow.
Cyber Toufan emerged in November 2023 and has since been linked by analysts to state-backed Iranian activity. Cybersecurity company SOCRadar noted that the group’s sophistication and technical reach suggest significant resources and coordination, typical of government-supported cyber operations.
The Australian Department of Defence and Elbit Systems have not commented on the claims. Hanwha Defence Australia has declined to comment.
Security Implications and Ongoing Investigation
Experts say there is no confirmed evidence that classified Australian defence data has been leaked, but the mention of the Land 400 project raises concerns about supply chain security. Sensitive data shared among international partners can become vulnerable if one connected system is compromised.
Cyber Toufan stated that their intention was to expose companies involved in weapons design and manufacturing. They claimed to have monitored Israeli defence systems and international projects for more than a year.
The hacking collective continues to post parts of the stolen data online and has said this is “just the beginning.” Cybersecurity experts warn that such leaks, even if they don’t include classified material, can still threaten defence industries by revealing technical details and system designs.
