An Iran-linked hacking group has published internal documents and technical blueprints tied to Australia’s multi-billion-dollar Redback infantry fighting vehicle programme, in a leak that raises fresh questions about the cybersecurity of global defence supply chains.

Resilience Media has reviewed extensive material posted by the group on Telegram, including messages claiming long-term access to Israeli defence contractors and what the hackers allege are recordings and design files.

The leak, which was first reported by Sky News Australia and includes renderings and engineering drawings for Elbit Systems’ remotely operated weapon stations supplied for the Redback, appears to have emerged from a broader campaign targeting at least 17 Israeli defence companies and institutions. The group, which calls itself “Cyber Toufan,” claims to have infiltrated both prime contractors and secondary suppliers via a third-party vendor known as MAYA Technologies.

MAYA describes itself as a research and development contractor that specialises in developing and producing mechanical and electrical products for the civilian, medical and defence industries in Israel.

“One and a half years after gaining full access to the network, we have explored every part of it and reached the QNAP archive. Through the systems, we have breached Elbit and Rafael’s through then [sic]. Their phones, printers, routers and cameras as well. We have recorded your meetings with sound and video for over a year,” reads one message shared on the Cyber Toufan’s Telegram channel, which Resilience Media has seen.

The Telegram feed features detailed captions accompanying images of missile and air defence systems.

“In this image, we see Nirel installing a model of the SPIKE NLOS 2025 missile system,” one post claims. Another reads: “The shown brown equipment is the recent model of The Iron Beam 450 … capable of destroying aerial threats such as drones and rockets at ranges of up to 10 kilometres.”

A further message adds: “Revealed: photos of more than 60 criminals from Elbit, Rafael, IAI, and the Israeli Ministry of Defense, as well as others who think they are unknown. Some of them have been identified, and the rest are under verification. They have been added to the blacklist. Details of your meetings, designs of weapons, and billion-dollar contracts with foreign companies will also be made available to the public.”

Resilience Media has contacted MAYA, Elbit and Rafael for comment but had not received any responses at the time of publication.

Cyber Toufan is a hacktivist-style actor first observed in late 2023 that claims major cyber intrusions against Israeli defence and dual-use industry. The group describes itself as aligned with the Palestinian cause and anti-Israel in its public messaging, but many cybersecurity firms say its methods and scale are consistent with state-sponsored actors.

The group has described its latest campaign as an operation against “17 institutions and companies that directly and indirectly serve the Zionist defence,” suggesting that the compromise extended beyond the major manufacturers to include subcontractors and technology partners. That supply-chain route may explain how Australian-related project data was exposed.

The Redback, built by Hanwha Defence Australia under a contract worth around AU$7 billion, will equip the Australian Army with more than 100 new infantry fighting vehicles, featuring Elbit-designed turrets and weapons systems.

While many of the leaked schematics appear authentic, it is worth noting that they may have been partially altered or drawn from public-domain materials to inflate the hackers’ claims. Even so, any exposure of integration drawings or component layouts could assist hostile intelligence services in modelling vulnerabilities, particularly where systems are shared between Israeli and allied forces.

The incident highlights a growing strategic challenge: complex defence programmes now depend on sprawling networks of subcontractors and technology vendors, each of which represents a potential point of entry for espionage.

Resilience Media will continue to monitor the situation as governments and contractors work to verify the scope of the breach and assess its implications for ongoing ADF modernisation programmes.