WorldLeaks Hit Tata Electronics. Apple and Tesla Trade Secrets Are Now on the Dark Web.

Hunters International announced it was shutting down operations in July 2025. It rebranded as WorldLeaks, dropped its ransomware encryptor, and went pure data extortion. Same infrastructure. Same operators. New banner to reset the law enforcement clock.

On June 10, 2026, WorldLeaks claimed Tata Electronics.

What Tata Electronics Is

Tata Electronics is one of the largest electronics manufacturers in India and a key supplier in the hardware chains for Apple and Tesla. Apple iPhones are assembled in Tata facilities. Tesla sources components and engineering support from the group. When a supplier of this scale gets breached, the exposure is not limited to their own data.

What Was Taken

WorldLeaks published 630 gigabytes across 204,341 files. Tata confirmed the incident. The company said operations were not impacted.

The dump includes:

Apple documents — manufacturing data, component specifications, and internal files tied to Apple product lines produced at Tata facilities.

Tesla documents — a folder labeled "NV36 Chargeport Controller — North America" referencing components for the updated Model Y, and a 2023 document labeled "TRADE SECRET" containing engineering drawings for Project Highland, Tesla's internal codename for the revamped Model 3 sedan. Tesla has not commented.

Employee passport scans, multi-year event logs, and internal emails.

Apple confirmed it is reviewing the incident. Tesla has not responded.

WorldLeaks: Hunters International with the Serial Numbers Filed Off

The operational continuity between Hunters International and WorldLeaks is documented. Hunters International ran encrypted ransomware operations through mid-2025 and was attributed to attacks on dozens of organizations across healthcare, manufacturing, and logistics. After announcing a wind-down in July 2025, the group reconstituted as WorldLeaks — operating exclusively as a data theft and extortion operation, no encryption, no decryption key negotiations.

The tactical shift makes sense. Encryption creates evidence of criminal activity that is easy to prosecute. Data theft and extortion is harder to charge. Several recent law enforcement operations targeted ransomware operators specifically for the encryption component. WorldLeaks sidesteps that exposure while retaining the leverage model.

The Tata Electronics incident is the most significant confirmed WorldLeaks operation to date. Apple and Tesla trade secrets are now on a dark web leak site. The data has been available since at least June 10 per researcher Rajshekhar Rajaharia's verification.

The Supply Chain Read

Apple and Tesla were not directly breached. Their supplier was. The engineering drawings, component specifications, and trade secrets that left the building were Tata's to protect, but they belong to Apple and Tesla. This is the supply chain risk in its cleanest form: your security posture is only as strong as the weakest link in your manufacturing and component chain.

For organizations that outsource hardware manufacturing or component design to third-party suppliers, the question is not whether those suppliers have been breached. The question is whether those suppliers' breach notification obligations are contractually clear and whether your NDA and data handling agreements have teeth.

Apple's Project Highland schematics are on a dark web server. Tesla's chargeport controller specifications are on a dark web server. Tata's business operations continued normally.

Sources: BleepingComputer — Tata confirms attack — CyberInsider — WorldLeaks/Apple — ransomware.live/group/worldleaks — Cybernews — Apple Tesla files

The threat feed this post is built on

1.14M+ IOCs, STIX 2.1, precursor signals, supply-chain detection. Free API key in 30 seconds.

Get your free key → analytics.dugganusa.com/stix/register