RansomHub Breach Exposes Apple’s Unreleased Product Designs from Luxshare
In December, ransomware group RansomHub infiltrated Luxshare, a key Apple supplier, stealing sensitive CAD drawings, engineering designs, and prototype details for unreleased products, including future iPhones, Apple Watches, AirPods, and Vision Pro models. The attackers are now threatening to leak the data unless a ransom is paid.
The breach, which occurred on December 15, was first disclosed by the hackers on the dark web, who accused Luxshare of concealing the incident. RansomHub claims to possess 2D/3D CAD files, PCB designs, repair processes, shipping timelines, and employee details including names, roles, and email addresses of staff working on confidential projects. A sample of the leaked data, reviewed by Cybernews, appears to confirm the authenticity of the stolen files.
Luxshare, a critical player in Apple’s supply chain since 2020, manufactures iPhones, Apple Watches, AirPods, MacBook accessories, and the Vision Pro. The stolen data includes highly detailed .prt files, which reveal precise dimensions and specifications of prototype components information that could be invaluable to competitors.
Neither Apple nor Luxshare has publicly acknowledged the breach, but the incident raises concerns about the security of Apple’s tightly guarded product development process ahead of major 2024 launches. The exposure of such sensitive designs could compromise Apple’s competitive edge and supply chain integrity.
LUXSHARE-ICT CO., LTD. cybersecurity rating report: https://www.rankiteo.com/company/luxshare-ict-co
Apple cybersecurity rating report: https://www.rankiteo.com/company/apple
"id": "LUXAPP1769095870",
"linkid": "luxshare-ict-co, apple",
"type": "Ransomware",
"date": "6/2020",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Apple (indirectly)',
'industry': 'Manufacturing/Electronics',
'name': 'Luxshare',
'type': 'Supplier'}],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['.prt', 'CAD files'],
'personally_identifiable_information': 'Employee names, '
'roles, email '
'addresses',
'sensitivity_of_data': 'High (unreleased product designs, '
'proprietary information)',
'type_of_data_compromised': 'CAD drawings, engineering '
'designs, prototype details, '
'2D/3D CAD files, PCB designs, '
'repair processes, shipping '
'timelines, employee details'},
'date_detected': '2023-12-15',
'description': 'In December, ransomware group RansomHub infiltrated Luxshare, '
'a key Apple supplier, stealing sensitive CAD drawings, '
'engineering designs, and prototype details for unreleased '
'products, including future iPhones, Apple Watches, AirPods, '
'and Vision Pro models. The attackers are now threatening to '
'leak the data unless a ransom is paid.',
'impact': {'brand_reputation_impact': 'Potential damage to Apple and '
'Luxshare’s brand reputation',
'data_compromised': 'CAD drawings, engineering designs, prototype '
'details, 2D/3D CAD files, PCB designs, repair '
'processes, shipping timelines, employee '
'details',
'identity_theft_risk': 'Employee details exposed (names, roles, '
'email addresses)',
'operational_impact': 'Potential compromise of Apple’s competitive '
'edge and supply chain integrity'},
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': True,
'ransom_demanded': True,
'ransomware_strain': 'RansomHub'},
'references': [{'source': 'Cybernews'}],
'threat_actor': 'RansomHub',
'title': 'RansomHub Breach Exposes Apple’s Unreleased Product Designs from '
'Luxshare',
'type': 'Ransomware'}