Massive 630 GB Supply Chain Leak Drops Secret Apple Blueprints on the Dark Web

A major ransomware group hits a key iPhone manufacturer, exfiltrating 200,000+ files

Another Apple supplier has been hit with a cyberattack, with hackers reportedly seizing thousands of files that likely include confidential specifications and designs for Apple’s products and components.

While Apple is no stranger to these kinds of attacks, many occur within Apple’s East Asian supply chain — countries like China and Taiwan. However, this latest one comes from a more unusual source: Tata Electronics in India.

That’s probably not too surprising, considering how rapidly Apple has been expanding its supply chain there. While Foxconn still makes up the lion’s share of Indian iPhone production, Tata has become a force to be reckoned with, after acquiring the Indian operations of Taiwan’s Wistron along with a controlling interest in Pegatron. This placed 75,000 employees under its umbrella and made it the largest Apple supplier in the country by headcount. It also supplies semiconductors to Tesla and has partnerships with Intel and Qualcomm.

According to Reuters, the World Leaks ransomware group has claimed to have lifted more than 200,000 files totaling over 630 GB of data. Samples and listings of those files have been posted on the dark web and include files and documents that appear to be Apple factory data and refer to “material specifications.”

The company confirmed in a statement that it was aware of a breach, but declined to comment on what was taken, which of its customers were affected, or any ransom demands from World Leaks.

“A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.”

However, a source familiar with the matter told Reuters that Tata had indeed received a ransom demand, adding that Apple is also investigating the breach and a “full analysis is going on.”

After reviewing a sample of the files, TechCrunch confirmed that they “appear to be Apple supplier specifications and Tesla manufacturing documents,” but added that they couldn’t independently verify their authenticity.

The attack isn’t the first for Tata Electronics. Last year, Reuters reported that its British Jaguar Land Rover group had to halt output for six weeks after a cyberattack left its operations paralyzed.

It’s also not the first time Apple data has been compromised through its supply chain. In 2017, a London-based hacking group calling itself the Turkish Crime Family made the bold threat that millions of iOS devices would be wiped unless Apple paid a ransom. While they never made good on that, publications such as ZDNet were able to verify that at least some of the account information and passwords obtained by the group were legitimate — although much of it was not, and analysts doubted the group had access to as many accounts as it claimed.

In 2021, a Russian hacking group known as REvil (aka Sodinokibi) demanded $50 million from Apple under threat of releasing MacBook schematics stolen from Apple manufacturing partner Quanta in Taiwan. The group initially tried to get Quanta to pay the ransom, but after failing to gain traction there, pivoted to Apple, presumably believing it might be an easier target thanks to its deep pockets.

More recently, Apple supply partner Luxshare, which manufactures several mainstream Apple products, was hit with a major cyberattack pulling down 1 TB of confidential Apple information, including 3D CAD product models, circuit board layouts, internal engineering PDFs, confidential repair procedures, personnel data, and more. Only months later, Foxconn confirmed a cyberattack at some of its North American facilities, with the group claiming responsibility saying it had stolen eleven million files, totalling around 8 TB of data.

While there’s no indication that any of these groups have ever made good on their threats to release this information, in many cases their barks have probably been worse than any potential bites. Much of the data obtained in these attacks is likely only mildly confidential and probably rather dull to anyone who doesn’t already work in the manufacturing industry.

While it’s easy to have visions of secret plans for future Apple products being among the files, Apple rarely gives such information to its suppliers, and when it does, it’s usually so compartmentalized that no one supplier has the full picture of what’s going on. That’s why so many of the leaks we do hear from Apple’s supply chain end up being speculation based on individual components like screens and sensors, leaving analysts to guess what those might ultimately be used for.
