Skip to content
You can now search across every topic, entity and event.What's new
Cybersecurity: Threats and Defences
4JUL

Leak crews squeeze Tata and Nidec

2 min read
11:00UTC

World Leaks dumped 630GB stolen from Tata Electronics, including purported Apple and Tesla design files, while Blackfield demanded $2m from Japan's Nidec.

TechnologyDeveloping
Key takeaway

Extortion crews are hitting suppliers whose most sensitive stolen data belongs to Apple and Tesla.

World Leaks posted more than 200,000 files, over 630GB, stolen from Tata Electronics to its leak site, including purported Apple manufacturing specifications and Tesla engineering drawings marked TRADE SECRET tied to Project Highland, the codename for the revamped Model 3. Tata restricted remote access to its purchase-order systems and hired a forensic consultant. 1 Separately, Blackfield demanded $2m from Nidec, the $17.2bn-revenue electric-motor maker, after breaching a Chaun Choung Technology server around 22 June, offering immediate download of the data for $400,000. 2

Both crews run the publish-or-pay leak-site play that Rhysida used against Stuttgart in May : steal the data, threaten to release it, name a price. World Leaks and Blackfield are aiming that tactic at tier-1 manufacturing suppliers whose chief assets are their customers' unreleased designs, which is what sharpens the leverage.

A supplier cannot indemnify Apple's product roadmap or Tesla's engineering choices, because the exposed value sits on a balance sheet that is not its own. That is what makes extortion at this layer so hard to price, and why restricting remote access, as Tata did, treats the symptom rather than the exposure.

Deep Analysis

In plain English

Some cyber-criminal groups no longer bother locking up a victim's computers with ransomware; instead, they steal huge amounts of confidential files and threaten to publish them unless paid. That is what happened to Tata Electronics, an Indian company that manufactures parts for Apple and, according to the leaked files, drawings related to a future Tesla car project. A group called World Leaks says it stole more than 200,000 files, around 630 gigabytes, some marked as trade secrets. Separately, another group called Blackfield demanded $2 million from Nidec, a Japanese electronics maker, after breaking into a server belonging to one of Nidec's smaller suppliers. Both cases show how criminals now target the weaker links in a big brand's supply chain rather than the brand itself, since a supplier is often easier to break into but still holds the brand's secrets.

Deep Analysis
Root Causes

World Leaks operates a pure data-extortion model, with no encryption payload, a deliberate shift by its operators, previously behind Hunters International, after ransomware-specific prosecutions and sanctions made deploying and monetising encryptors legally riskier than simply stealing and threatening to publish data.

Electronics contract manufacturers like Tata Electronics sit inside a dense subcontracting chain for Apple and Tesla, where design files marked confidential pass through several tiers of suppliers with uneven security standards. A breach at any one tier can expose a prime brand's intellectual property without the prime ever being directly compromised.

What could happen next?
  • Risk

    Apple and Tesla face reputational and intellectual-property exposure from a breach neither company suffered directly, illustrating how supply-chain leverage can reach a prime brand without compromising its own network.

  • Precedent

    World Leaks' pure data-extortion model, without an encryption payload, may signal more operators shifting away from encryptors as law-enforcement pressure on deploying and monetising malware increases.

First Reported In

Update #9 · FortiBleed harvest linked to Lynx crew

Business Standard· 4 Jul 2026
Read original
Different Perspectives
UK managed service providers and data centre operators
UK managed service providers and data centre operators
Newly brought into critical-infrastructure scope by the Cyber Security and Resilience Bill's Lords second reading, facing fines up to £17m or 4% of global turnover and a new near-miss reporting duty they did not previously carry. The sector moves from best-practice guidance to statutory exposure within this Parliamentary session.
Threat-intelligence industry
Threat-intelligence industry
SOCRadar's confirmation that one operator sits on two ransomware crews' negotiation panels, following Bitdefender's affiliate-overlap flag six weeks earlier, gives the sector its second independent data point that brand-based tracking undercounts shared access. The firms doing this work are shifting language from named-group attribution toward access-broker mapping.
FSB Centre 16
FSB Centre 16
Named by NCSC as running an SNMP-hijacking campaign against communications, energy, healthcare, defence and financial-services operators, harvesting device data and reconfiguring routers through a decades-old plaintext-authentication protocol. The campaign runs in parallel to, not in place of, the GRU's separate DNS-hijacking operation named in April.
CISA
CISA
CISA's Known Exploited Vulnerabilities catalogue added seven CVEs between 5 and 14 July, none from a headline security vendor, capped by the 18-year-old Cisco IOS bug CVE-2008-4128. BOD 26-04's risk-tiered listing rules make that slowdown as much a policy artefact as a threat-intensity read.
Nidec
Nidec
Nidec faces a $2m demand from Blackfield after the crew breached a server at its supplier Chaun Choung Technology rather than Nidec's own network. The attack reached Nidec's data without touching its own perimeter at all, the same supply-chain route World Leaks used against Tata Electronics.
Tata Electronics
Tata Electronics
Tata Electronics restricted remote access to its purchase-order systems and hired a forensic consultant after World Leaks posted 630GB of its files, including purported Apple and Tesla design material, to a leak site. The exposed value sits on its customers' balance sheets, not its own, which is what makes it hard to price.