Luxshare Ransomware Attack Puts Apple and Global Electronics Supply Chain Under Scrutiny

CyberSecureFox 🦊

A major ransomware incident at Chinese electronics manufacturer Luxshare, one of Apple’s key contract partners, is drawing attention to the fragility of cybersecurity in global technology supply chains. The RansomHub ransomware group claims it has compromised Luxshare’s internal systems and is threatening to publish sensitive data related to multiple global brands if a ransom is not paid.

Ransomware attack on Luxshare: what has been reported

Luxshare is a large-scale electronics manufacturing services (EMS) provider employing more than 230,000 staff with annual revenue exceeding USD 37 billion. The company is a critical link in the Apple supply chain, assembling a substantial share of iPhone, AirPods, Apple Watch and Vision Pro devices, as well as hardware for other leading technology companies.

According to Cybernews, the incident occurred in December 2025. On 15 December, RansomHub reportedly posted on its dark web portal that it had successfully breached and encrypted part of Luxshare’s data. The group alleges that it waited for Luxshare’s reaction and accuses the company’s IT team of attempting to suppress information about the breach, escalating its demands with threats of a large-scale data leak.

What data may have been compromised at Luxshare

Journalists who reviewed samples released by the attackers noted internal documents describing logistics workflows and device repair processes carried out under cooperation agreements between Apple and Luxshare. These materials include timelines, procedural descriptions and references to interactions with other Luxshare customers.

Exposure of CAD files and technical documentation

Particularly sensitive are files in .dwg and .gerber formats, widely used in computer‑aided design (CAD) for electronics and printed circuit boards. Access to such files can reveal elements of design, schematics and layout documentation that are core intellectual property for any hardware manufacturer.

Based on the published samples, affected documents appear to span the period from 2019 to 2025. In addition, the leak reportedly contains personal data of Luxshare employees, including full names, job titles and corporate email addresses. Such information can fuel future spear‑phishing campaigns, social engineering attacks and account takeover attempts.

Claims of access to data from Apple, Nvidia, LG, Geely and Tesla

RansomHub further claims that the stolen archives include highly sensitive data belonging to Luxshare’s clients, including Apple, Nvidia, LG, Geely, Tesla and others, covered by strict non‑disclosure agreements (NDAs). By emphasizing that NDA‑protected material is allegedly at risk, the group is attempting to increase pressure on both Luxshare and its customers.

Cybersecurity risks for Apple, Nvidia, LG and the global tech supply chain

If the scale of the attack is confirmed, the potential impact on the broader electronics ecosystem could be substantial. Detailed design files, logistics diagrams and internal process documentation are high‑value assets for both competitors and cybercriminals. Such data can be used to:

— perform reverse engineering and produce counterfeit devices that closely mimic genuine products;
— identify ways to bypass hardware security mechanisms and discover hardware‑level vulnerabilities;
— stage further attacks on other parts of the supply chain, including component vendors and logistics partners;
— enable double extortion (holding both systems and data hostage) and the resale of stolen information on underground markets.

Recent threat intelligence reports consistently show that ransomware actors are increasingly targeting manufacturing and technology companies. IBM’s X‑Force research, for example, has identified manufacturing as one of the most attacked industries for several consecutive years, with ransomware and extortion accounting for a significant share of incidents. Complex, globally distributed supply chains and tightly coupled production schedules mean that even short disruptions can translate into large financial and operational losses.

Supply chain cybersecurity lessons from the Luxshare incident

The reported attack on Luxshare underscores that the cybersecurity posture of suppliers and contractors is now as critical as the internal security of major brands themselves. Even if a company like Apple invests heavily in its own defenses, the compromise of a single strategic partner can expose sensitive intellectual property and disrupt the entire ecosystem.

From a risk‑management perspective, effective mitigation requires a structured, supply‑chain‑wide approach that includes:

— Continuous vendor risk assessments and independent audits of supplier cybersecurity controls, particularly for those handling CAD files and proprietary designs;
— Network segmentation and least‑privilege access, ensuring that compromise of one environment does not automatically open access to core design or production systems;
— Encryption and strict data governance for confidential documentation, including CAD and Gerber files, with controlled sharing, expiry and access logging;
— Multi‑factor authentication (MFA), strong identity management and real‑time monitoring for anomalous user and system activity;
— Incident response playbooks that explicitly cover scenarios involving critical suppliers, including coordinated communication, forensics and recovery exercises.
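
One way to act on the access-logging and anomaly-monitoring items above for design data, shown as an added example that is not part of the original article: it flags any account that reads many distinct CAD or Gerber files within a short window. The log format, the sample lines, the threshold and the .gbr extension are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime

# .dwg and .gerber are named in the article; .gbr is an assumed extra extension.
DESIGN_EXTS = (".dwg", ".gerber", ".gbr")

# Constructed sample log (assumed format): ISO timestamp, user, action, path.
SAMPLE_LOG = """\
2025-12-01T09:00:05 alice READ /eng/projA/board_top.gerber
2025-12-01T09:40:10 alice READ /eng/projA/enclosure.dwg
2025-12-01T10:15:00 alice WRITE /eng/projA/enclosure.dwg
2025-12-01T02:11:00 svc_backup READ /eng/projA/board_top.gerber
2025-12-01T02:11:20 svc_backup READ /eng/projA/board_bot.gerber
2025-12-01T02:11:40 svc_backup READ /eng/projB/frame.dwg
2025-12-01T02:12:05 svc_backup READ /eng/projB/hinge.dwg
2025-12-01T02:12:30 svc_backup READ /eng/projC/main.gbr
2025-12-01T02:12:31 svc_backup READ /eng/projC/readme.txt
"""


def find_bulk_design_reads(log_text, window_s=300, threshold=5):
    """Map each flagged user to the time they first reached `threshold`
    distinct design-file reads inside a sliding window of `window_s` seconds."""
    events = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        ts, user, action, path = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue
        if action == "READ" and path.lower().endswith(DESIGN_EXTS):
            events.append((when, user, path))
    events.sort()  # logs merged from several hosts may be out of order

    recent = defaultdict(deque)  # user -> (time, path) pairs still in the window
    alerts = {}
    for when, user, path in events:
        q = recent[user]
        q.append((when, path))
        while (when - q[0][0]).total_seconds() > window_s:
            q.popleft()
        if user not in alerts and len({p for _, p in q}) >= threshold:
            alerts[user] = when
    return alerts


if __name__ == "__main__":
    print(find_bulk_design_reads(SAMPLE_LOG))
```

In practice the threshold and window would be tuned against each account's normal baseline, since backup and build accounts legitimately read design files in bulk.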

At the time of writing, media report that Luxshare and Apple have not provided detailed public comments on the incident. Regardless of the final outcome of any investigation, this case is a reminder that protecting intellectual property, technical documentation and employee data must be treated as a strategic priority. Organizations in electronics and high‑tech manufacturing should use this event as a trigger to reassess their supply chain security requirements, strengthen oversight of key partners and proactively close gaps before similar attacks affect their own operations.
