Chinese electronic manufacturer and Apple partner Luxshare Precision Industry has allegedly been breached by affiliates of the RansomHub ransomware-as-a-service outfit.
Luxshare is one of the primary assemblers of Apple’s wireless earbuds, iPhones, and Vision Pro devices, as well as a producer of components used in Apple devices.
The company also counts NVIDIA, Qualcomm, Samsung, Intel, and other high-profile tech and automotive companies among its partners and clients.
RansomHub’s (unconfirmed) claims
According to a post on the group’s data leak site, the attackers stole and encrypted some of the company’s sensitive data.
“Dear management of Luxshare Precision Industry Co. Ltd. We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company. We strongly recommend you to contact us to prevent your confidential data, projects documents from being leaked,” the group threatens.
According to the post, among the stolen data are:
- Confidential 3D CAD product models, 3D engineering design data, and 3D engineering documentation
- High-precision geometric data for Parasolid products
- 2D component drawings for manufacturing and mechanical component drawings
- Engineering drawings in PDF format
- Printed circuit board design and manufacturing data
“The archives contain data from Apple, Nvidia, as well as LG, Geely, Tesla, and other large companies whose production and R&D information is publicly available,” the group claims, and has offered for download packages of data as proof of the breach.
We could not download and independently analyze the leaked packages, but Cybernews’ research team says that they contain “details on what appear to be confidential projects regarding device repair and shipping between Apple and Luxshare” and information about other Luxshare clients.
Help Net Security has reached out to Luxshare for confirmation of the alleged breach and we’ll update this article if we hear back from them.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!