Apple supplier Luxshare was hit with a major cyberattack last month, and details of the attack are now beginning to emerge. Reports indicate more than 1TB of confidential Apple information was stolen as the result of the attack on the Chinese firm.
The attack was first revealed on RansomHub’s dark web leak site on December 15, 2025, where the hacker group claimed it had encrypted Luxshares internal system and had harvested huge volumes of confidential data belonging to the CHinese firm and its customers. The group threatened to publicly release the information unless Luxshare agreed to negotiate, claiming the firm was trying to conceal the incident.
The attackers claim the harvested materials included detailed 3D CAD product models and high-precision geometric files, 2D manufacturing drawings, mechanical component designs, circuit board layouts, and internal engineering PDFs.
In addition to Apple product data, the group claims it has its hands on information belonging to Nvidia, LG, Tesla, Geely, and other major Luxshare customers.
The hackers later wrote that while Luxshare management had been given plenty of time to respond, they had failed to do so.
“We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company. We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked,” the attackers claimed.
The attackers said the stolen information cache included confidential project documentation protected under non-disclosure agreements. The group provided data samples as proof of compromise.
Cybernews reports that its research team has reviewed portions of the leaked sample data and found that it appeared to be legitimate internal Luxshare documentation related to Apple projects, including confidential repair procedures and logistics workflows between Apple and Luxshare. The information included in-depth process descriptions, timelines, and more.
Files commonly used in product design and manufacturing workflows were included in the samples the publication reviewed. The projects referenced in the samples span a period from 2019 through to 2025. That means that unreleased products may be included. The sample data also appears to include personally identifiable information of employees involved in Apple projects, including full names, job titles, and work email addresses.
Exposure of such contact information and internal workflows could also lead to targeted phishing attacks, as well as follow-up attacks on Apple’s other partners.
As noted by Cybernews, the attackers claim they have archives containing:
“The archives contain data from Apple, Nvidia, as well as LG, Geely, Tesla, and other large companies whose production and R&D information is publicly available. Protected by a non-disclosure agreement,” say the attackers.
Apple and Luxshare have yet to confirm the cyberattack took place.