RansomHouse Claims Data Breach at Major Apple Contractor Luxshare
RansomHouse claims to have breached Apple contractor Luxshare, but no evidence has been released. Links are offline and the breach remains unverified.
A ransomware and extortion group called RansomHouse claims to have breached Luxshare Precision Industry, a China-based key manufacturing partner and contractor of Apple Inc. The group published a victim profile on its dark web leak site, naming Luxshare and listing several of its major clients.
The group’s post outlines Luxshare’s scale, revenue, and role across consumer electronics, communications, and automotive sectors. Apple is highlighted as a major client, alongside names like Nvidia, Meta, Qualcomm, and others.
The post goes on to claim access to sensitive engineering data, including 3D CAD models, PCB design files, and internal documentation. Exposure of these kinds of files would be serious for any hardware manufacturer.
The group has also included two .onion download links, supposedly offering evidence packs and Apple-related project data. Both are labeled as not requiring a password, yet neither is currently active. Opening the links shows that both domains are offline.
Therefore, there are no sample files, no screenshots to analyse, and no way to verify whether any data exists. However, the screenshot does show a date of “15/12/2025,” which the group claims is when the data was encrypted.
The current status on the page reads “Depends on you,” a vague message that appears to hint at ongoing ransom negotiations or demands. Nevertheless, until Luxshare confirms an incident or the attackers release verifiable data, the claim remains just that.
Screenshot from the dark web .onion leak site of the RansomHouse group (Credit: Hackread.com)
**About RansomHouse**
RansomHouse surfaced around late 2021, with its first known activity tracked to December of that year. By March 2022, the group had launched its dark web extortion site. Investigators believe the operation has links to Russia or Eastern Europe, based on infrastructure and language patterns.
There’s also a technical overlap with another well-known group. RansomHouse appears to share code with Babuk, a ransomware operation that fell apart after internal conflict and a source code leak. That connection has led to speculation that RansomHouse may be a rebrand or offshoot of Babuk’s original crew.
Despite calling themselves a “professional mediator community” focused on highlighting security flaws, their methods tell a different story. The group functions more like a Ransomware-as-a-Service (RaaS) outfit, targeting companies through data theft and extortion rather than encrypting systems directly.