The Apple supplier subject to a major cyberattack last month was China's Luxshare, it has now emerged. More than 1TB of confidential Apple information was reportedly stolen.
It was reported in December that one of Apple's assemblers suffered a significant cyberattack that may have compromised sensitive production-line information and manufacturing data linked to Apple. The specific company targeted, the scope of the breach, and its operational impact were unclear until now.
The attack was first revealed on RansomHub's dark web leak site on December 15, 2025, where the group claimed it had encrypted internal Luxshare systems and exfiltrated large volumes of confidential data belonging to the company and its customers. The attackers warned that the information would be publicly released unless Luxshare contacted them to negotiate, and accused the company of attempting to conceal the incident.
According to the attackers' claims, the exfiltrated material includes vital files such as detailed 3D CAD product models and high-precision geometric files, 2D manufacturing drawings, mechanical component designs, circuit board layouts, and internal engineering PDFs. The group added that the large archives include Apple product data as well as information belonging to Nvidia, LG, Tesla, Geely, and other major clients.
The attackers subsequently wrote that Luxshare management had been given time to respond but had failed to do so, and that the stolen archives contained confidential project documentation protected under non-disclosure agreements. The post was accompanied by data samples that the group said were provided as proof of compromise.
Cybernews reported that its research team reviewed portions of the leaked sample data attached to the post and found what appeared to be legitimate internal Luxshare documentation tied to Apple projects. The materials explain confidential repair procedures and logistics workflows between Apple and Luxshare, including detailed process descriptions, timelines, and partner coordination documents.
Files commonly used in product design and manufacturing workflows, such as .dwg and Gerber files, were present in the samples reviewed. The projects referenced in the samples span a period from 2019 through to 2025. As such, it seems likely that unreleased products may be included. The researchers also said the sample data appears to include personally identifiable information of individuals involved in Apple projects, such as full names, job titles, and work email addresses.
Access to detailed engineering designs and manufacturing documentation could pose risks if they are misused, such as product reverse engineering, counterfeit manufacturing, and targeted attacks on hardware or firmware facilitated by detailed knowledge of device layouts and component interactions. Exposure of employee contact information and internal workflows could also increase the risk of targeted phishing or follow-on intrusions against Apple's other partners. Neither Apple nor Luxshare have confirmed the cyberattack.
