[J] – Ransomware Victim: ikad[.]com[.]au – A 5-Month Staycation in the Defense Supply Chain


NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the J Onion Dark Web Tor Blog page.

Ransomware group: J
Victim name: IKAD[.]COM[.]AU – A 5-MONTH STAYCATION IN THE DEFENSE SUPPLY CHAIN

AI Generated Summary of the Ransomware Leak Page

The leak post titled “ikad.com.au – A 5-Month Staycation in the Defense Supply Chain” centers on IKAD Engineering, an Australian defense contractor, and is presented as a case study by group J. Dated 2025-11-01, the page recounts a prolonged intrusion into the victim’s network via a VPN gateway. The narrative describes the initial access as stemming from an older VPN appliance with a known vulnerability, coupled with weak credentials and an absence of multifactor authentication, which allegedly allowed attackers to achieve a fully authenticated foothold and remain undetected for around 150 days. The write-up positions the incident as a demonstration of supply chain risk, asserting that sensitive procurement materials and internal communications were exfiltrated over the course of the attacker’s stay. The page emphasizes that the outcome is a data-leak event rather than encryption or ransomware, and notes the presence of downloadable content and links intended to facilitate further access to the leaked data. The post also references two attachments, ikads[.]rar and ikad[.]com.au_listing.txt, and provides navigation to a Leaks Download Guide, alongside an onion-based data repository linked in defanged form. The description accompanying the leak notes sources provided by travelhackingtool[.]com, though that domain is defanged in the disclosure. The page reports that there are no images on the leak page itself and that the two external links accompany the post.

According to the body of the post, the intruders maintained persistent, unauthorized access for roughly five months, enabling them to move laterally within the victim’s environment and harvest large volumes of sensitive data. The post catalogues a broad set of exfiltrated material described as highly valuable to defense contractors and procurement offices, including tender responses, signed nondisclosure agreements, capability statements, and certificates—presented as a “master key” to the organization’s supplier ecosystem. The narrative further claims that documents and internal communications with major defense program stakeholders were captured, providing a window into bid preparation and project planning. The attacker’s account depicts substantial data volume, with the post asserting “800 Gb+” of data was obtained and that full access to key directories enabled the exfiltration of a comprehensive dossier. The onion link referenced for data access is included in defanged form, and the post closes with a cautionary reminder about the importance of rigorous remote-access controls, MFA, and network segmentation to mitigate similar breaches in the defense supply chain.
