Luxshare, one of Apple’s key partners in assembling iPhones, AirPods, Apple Watches, and Vision Pro, allegedly suffered a data breach, orchestrated by a ransomware cartel. The attackers are threatening to leak data from Apple, Nvidia, and LG unless the company pays a ransom.
-
Luxshare, Apple's key iPhone assembler, allegedly suffered a ransomware attack threatening confidential product data leaks from multiple tech giants.
-
RansomHub attackers claim access to 3D CAD models, circuit board designs, and engineering documentation from Apple and Nvidia products.
-
Cybernews researchers claim leaked data includes confidential Apple-Luxshare repair projects, employee PII, and product design files from 2019-2025.
-
The breach could enable competitors to reverse-engineer products, manufacture counterfeits, and exploit hardware vulnerabilities in Apple devices.
The Luxshare data breach allegedly occurred last month, with attackers claiming December 15th, 2025, as the date Apple key partners’ data was encrypted. The alleged attackers, RansomHub, announced the Luxshare data breach on their dark web forum.
Luxshare is an essential partner to the American giant. Many Apple products, including iPhone, AirPods, Apple Watch are assembled at Luxshare, which means the company has very intimate information about Apple’s products.
The conversation on this topic is live. Join in the discussion.
“We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company. We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked,” the attackers claim.
We have reached out to the company and will update the article once we receive a reply. We have also reached out to Apple and will add its response as soon as we receive it.
What data did the Luxshare data breach expose?
The Cybernews research team investigated the data sample that the attackers attached to the post.
According to our team, the leaked data includes details on what appear to be confidential projects regarding device repair and shipping between Apple and Luxshare, including timelines, detailed processes, and information about other Luxshare clients.
Moreover, the leaked information appears to include personal identifiable information (PII) of individuals working on specific projects, with their full names, job positions and work emails exposed.
“Dates of these projects range from 2019 to 2025 and the information appears to expose sensitive business operations. Additionally, .dwg and gerber files, which are often used to create product model designs, are also included,” the team explained.
While Apple’s assembler data breach is still unconfirmed, the team believes that the information included in the post appears to be legitimate.
What do the Luxshare attackers say?
The RansomHub attackers claim to have wide access to confidential Luxshare client data. The stolen data supposedly ranges from 3D product models to circuit board design data, information that’s highly coveted by corporate spies.
According to the attackers, they have accessed archives that contain:
- Confidential 3D CAD product models, 3D engineering design data, 3D engineering documentation
- Access to high-precision geometric data for Parasolid products
- 2D component drawings for manufacturing
- Mechanical component drawings
- Confidential engineering drawings in PDF format
- Electronic design documentation
- Electrical and layout architecture data
- Printed circuit board manufacturing data
“The archives contain data from Apple, Nvidia, as well as LG, Geely, Tesla, and other large companies whose production and R&D information is publicly available. Protected by a non-disclosure agreement,” the attackers claim.
If confirmed, the attack could be disastrous for Luxshare and its partners. For one, attackers could sell the data to competitors who could utilize the stolen details to reverse-engineer products, bypass years of R&D, and manufacture counterfeits.
The cybersecurity implications are also extreme as attackers could clearly uncover hardware vulnerabilities, chip locations, and power systems, which would be beneficial to target firmware or carry out supply chain attacks.
China-based Luxshare is a behemoth in the electronics manufacturing industry. Based in the country’s tech heart, Shenzhen, the company employs over 230,000 people and reports revenues of over $37 billion.
According to reporting by the Wall Street Journal, Luxshare’s importance to Apple’s supply chain ballooned after its main assembler, Foxconn, went through a series of production halting protests.
What is a third-party attack?
RansomHub's alleged attack against the iPhone assembler is a classic example of a targeted third-party attack. While it would likely take extreme sophistication to breach Apple systems, breaking into its partner's cyber domain can be an easier task.
This type of attack usually involves malicious actors targeting the relationship between the vendor and the client, not the product itself. It's a common tactic ransomware gangs and other cybercriminals exploit.
For one, the tactic allows attackers to pressure vendors into either paying the ransom or risking souring relationship with the client. If the negotiation fails, attackers can proceed to extort the client, with the same threat of leaking sensitive data.
For example, this attackers utilized the same tactic against the US hotel giant Hyatt and the fast-food giant McDonald's.
Who are the Luxshare attackers?
First spotted in 2024, RansomHub is a well established actor in the ransomware scene. For example, the gang proved itself to be one of the most active ransomware gangs of the past couple of years.
According to security experts, RansomHub is among the most prolific ransomware-as-a-service (RaaS) operations, emerging after ALPHV (BlackCat) disappeared. It primarily targets industrial manufacturing and healthcare.
RansomHub brought some technological innovations to the table. Its tools are capable of remote encryption. The affiliates exploit exposed unprotected machines, reducing the risk of detection and increasing the success rate of attacks.
According to a CISA advisory, the cybercrooks breached nearly 500 victims in 2024, almost at a rate of one victim per day. The cyber watchdog also provides a full list of the Kremlin-backed gang's known IOCs, including IP addresses, tools, known URLs, email addresses, and more.
Is my iPhone safe after the Luxshare breach?
While the breach exposed confidential engineering data, there is no evidence that consumer iCloud accounts or user passwords were accessed. However, stolen hardware schematics could help attackers discover new vulnerabilities in Apple devices aka "jailbreaks" or firmware exploits.
What data was stolen in the Luxshare attack?
According to the attackers, and samples analyzed by researchers, the stolen data includes 3D CAD models, printed circuit board (PCB) designs, and engineering drawings for products from Apple, Nvidia, and LG. It also contains the personal information (PII) of employees working on these confidential projects.
Who is behind the Luxshare hack?
The attack was claimed by RansomHub, a ransomware-as-a-service (RaaS) gang that emerged in 2024. They are notorious for targeting industrial manufacturers and healthcare providers, often using remote encryption tools to lock systems and steal trade secrets.
Can someone use the stolen data to make fake iPhones?
If they have access to detailed iPhones' component information, than, in theory, yes. The leaked data allegedly includes "2D component drawings" and "high-precision geometric data." Experts warn that this level of detail allows detailed reverse-engineering.
Updated on January 19th [01:30 p.m. GMT] with a insights from the Cybernews research team.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked