A ransomware and extortion group known as RansomHouse has reportedly compromised Luxshare Precision Industry, a China-based company that is a significant manufacturing partner for Apple Inc. The group has published a victim profile on its dark web leak site, explicitly naming Luxshare and enumerating several of its prominent clients.
In its announcement, RansomHouse describes Luxshare’s operations, including its scale, revenue, and influence in sectors such as consumer electronics, telecommunications, and automotive manufacturing. Apple is notably mentioned as a key client, alongside other major firms like Nvidia, Meta, and Qualcomm.
The attackers allege they have gained access to sensitive technical information, such as 3D CAD models, PCB design files, and internal documentation. For hardware manufacturers, the possession of such information could have severe implications, potentially jeopardizing product integrity and intellectual property.
The group’s post included two .onion download links that supposedly contain evidence packs and data related to Apple projects. Although these links are claimed to be accessible without a password, both are currently inactive, indicating that the domains are offline. As a result, there are no sample files or screenshots available for verification, casting doubt on the legitimacy of the claims. The post also references a date of “15/12/2025”, which the group asserts is when the data was encrypted.
The status message on the group’s page reads “Depends on you,” suggesting ongoing ransom demands or negotiations. Until Luxshare acknowledges the situation or verifiable data is made public, the assertion remains unverified.
About RansomHouse
RansomHouse emerged around late 2021, with its first recorded actions noted in December of that year. The group established its dark web extortion platform by March 2022. Investigative sources suggest that the group’s operations may have roots in Russia or Eastern Europe, inferred from their infrastructure and language patterns.
Moreover, there appears to be a technical connection to another notorious operation. RansomHouse may share code with Babuk, a ransomware group that disbanded following internal strife and a source code leak, leading to speculation that RansomHouse could be a rebranding or an offshoot of Babuk’s original team.
Although the group brands itself as a “professional mediator community” focused on exposing security vulnerabilities, its operational methods indicate otherwise. RansomHouse predominantly functions as a Ransomware-as-a-Service (RaaS) platform, employing data theft and extortion tactics, rather than directly encrypting systems.
In MITRE ATT&CK terms, the group could have gained initial access to Luxshare’s systems through techniques such as phishing or exploiting vulnerabilities. It might then have deployed persistence methods to maintain its foothold, possibly escalating privileges to gain broader access to sensitive data.