A hacker collective aligned with Hamas has allegedly released sensitive information tied to Australia’s Redback next-generation infantry fighting vehicle program, along with hundreds of photographs of staff from Israeli defense companies.
The group, known as Cyber Toufan and widely believed to have links to Iran, posted detailed 3D schematics and technical files connected to the AUD $7 billion Redback project. The leak followed a series of cyberattacks on 17 Israeli defense contractors, carried out after infiltrating the systems of supply-chain partner MAYA Technologies, The Australian reported. According to the outlet, the hackers claimed they had “infiltrated the heart of Israel’s defense engineering operations” and began releasing information on 36 joint defense projects from October 22 onward.
They further asserted that they “have obtained tens of terabytes of personal data, administrative and technical documents, audio calls, and video recordings of these criminals… Some designed the rocket, the UAVs, and the tank, while others participated in making their parts and programming their systems, even transporting them to the battlefield.”
A report released in May by Israeli cybersecurity company OP Innovate noted that the group heavily targets organizations connected to Israel’s defense and economic sectors. The report highlighted that Cyber Toufan often exploits default or previously leaked credentials used by third-party security providers, enabling access “not by breaking in, but by walking through an unlocked door.”
Australia previously signed a deal with South Korea’s Hanwha Defense to purchase 127 Redback vehicles for AUD $7 billion. The platform incorporates several Israeli-made systems, including Elbit Systems’ advanced 30mm turret, COAPS gunner sight, a suite of sensors, the Iron Fist active protection system, the Iron-Vision helmet-mounted display, and a laser warning system.
What Was Exposed?
In addition to employee photos, Cyber Toufan published files relating to numerous defense programs. Among the disclosed items were materials tied to Elbit’s Iron-Vision helmet display, Rafael’s Iron Beam laser defense system, the Ice Breaker missile, Spike NLOS anti-tank missiles, Elbit’s Hermes 900 drone storage module, the ROEM self-propelled howitzer, and the Crossbow turreted mortar system.
The Australian also reported that internal considerations by the Australian Defence Force regarding the purchase of Rafael’s Spike NLOS missiles were revealed in the leak. However, Israeli defense industry officials told Defense and Tech by The Jerusalem Post that no classified data had been compromised.
The leak comes amid heightened political tension, as Australia has been outspoken in its criticism of Israel’s military actions in Gaza. Prime Minister Anthony Albanese has previously stated that Australia does “not sell arms to Israel,” though Defence Industry Minister Pat Conroy recently defended the continued use of Israeli technology within the Australian Defence Force.
“We make no apology for getting the best possible equipment for the Australian Defence Force,” he said at the Indo-Pacific Maritime Exposition.
Despite this stance, The Nightly reported that Australia has discreetly implemented new restrictions on defense-related exports to Israel. According to the outlet, permit holders governed under the Customs (Prohibited Exports) Regulations 1956 are now barred from exporting certain approved items to Israel. The Department of Defence reportedly declined to comment, citing national security and confidentiality obligations.
Cyber Toufan stated: “Through the systems, we have breached Elbit and Rafael’s through then [sic]. Their phones, printers, routers, and cameras as well,” the group said. “We have recorded your meetings with sound and video for over a year. This is just the beginning with Maya!”
In a statement to the publication, Rafael said:
“no Rafael classified networks, customer data, or operational systems were affected.”
“Rafael’s cybersecurity framework is among the most advanced in the industry, with continuous monitoring and protection applied across all digital environments. All projects, programs, and customer engagements remain fully secure and uninterrupted.”