-
An Aussie engineering company has confirmed a data breach after hackers claimed to have hacked into their digital system and remained there for almost 5 months.
-
The hacker group claimed to have stolen over 800GB worth of data and announced this on the darknet.
-
IKAD said it has contacted third-party cybersecurity experts, law enforcement, and relevant government agencies.
Australian engineering company, IKAD Engineering, has confirmed a data breach after cybercriminals claimed to have hacked into their network and remained for five months.
An illegal ransomware gang, J Group, listed the company on the dark web website, claiming to have stolen data worth over 800 gigabytes (GB) from their database.
IKAD Engineering is an Australian-based structural and mechanical company that provides parts and heavy engineering solutions to the marine, defence, water, mining, industrial, and oil and gas sectors in the country.
IKAD Data Breach
The J Group hacker gang stated that it had hacked IKAD’s network earlier in 2025 after successfully exploiting a known weakness in an older VPN software the firm used.
According to the hacker group’s claim, after it gained access, the group established its presence in IKAD’s network, transferring data, dumping hashes, and hiding. The gang noted that it continued this for five months, going unnoticed.
Furthermore, the gang claimed to have curated a colosseum of business secrets after its 150-day adventure.
Notably, this long-duration access and lateral movement is called “Living-off-the-land.” It typically comprises an array of tactics where hackers use legitimate, already-installed system and network software programs to facilitate cybercrime.
As per the listing, IKAD has a large collection of documents comprising personal credentials of the company’s staff, including customer communications, passport scans, contacts from prominent defence agencies, and contractors.
Furthermore, documents belonging to specific key projects, such as Damen Shipbuilders tender responses, the Australian Submarine Corporation’s Collins Class submarines, and BAE Systems’ Hunter Class Frigate Program.
The ransomware group noted that this hack is a massive bounty, as it gave away clues of IKAD’s operations and what they’re building. J Group noted that IKAD is a certified, reliable link in the supply chain that connects directly to the Australian national security hardware.
However, IKAD commented on the hack, disproving J Group’s claims of access to sensitive credentials connected to contracts and internal details.
Gerard Dyson, IKAD’s CEO, commented on the hack and claims, noting that the engineering firm had known of the network breach. Dyson said that IKAD is working with security experts to investigate the hack.
After the investigation, the firm reportedly found that the hackers only gained access to a portion of non-sensitive project documents related to its contracts. Also, he added that the threat actors were able to access some internet human resources (HR) documents during their hack.
J Group Hacker Group
J Group is a new cybercriminal group that started operations in February 2025. Since its first appearance, the gang has listed 41 victims, but only a few details about its operations are known.
The group’s use of these hidden platforms to extort victims comes at a time when law enforcement agencies are aggressively targeting the very infrastructure these gangs rely on around the world. The FBI’s recent takedown of several prominent dark web platforms connected to major data heists (that included the Salesforce breach, too) demonstrates that. Now that’s a clear signal that the digital underworld is not beyond reach.
The gang targeted Ausfec Limited, which publicly trades as The Distributors, as one of its foremost victims. J Group listed Ausfec on their darknet leak site on Feb. 22, 2025. Although the only information available regarding the leak is that J Group claimed to have exfiltrated information worth 2004GB.
