Foxconn Confirms Cyberattack Disrupted North American Factories; Nitrogen Ransomware Group Claims 8 TB Data Theft
Electronics manufacturing giant Foxconn confirmed a cyberattack disrupted some of its North American factories, with the Nitrogen ransomware group claiming responsibility and alleging theft of 8 terabytes of data from clients including Intel, Apple, and Nvidia.
Foxconn, one of the world's largest electronics manufacturers and the primary assembler of Apple iPhones, confirmed that a cyberattack disrupted operations at some of its North American factories. The company stated that its cybersecurity team responded immediately and that affected facilities are resuming normal production as of Tuesday. Foxconn did not disclose when the attack occurred, what systems were compromised, or whether a ransom was demanded.
The Nitrogen ransomware group claimed responsibility for the attack on its data leak site, alleging it stole 8 terabytes of data spanning more than 11 million files. The group posted screenshots of what it claims are stolen documents, including "confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects." Apple and other named companies did not respond to requests for comment.
Nitrogen first emerged in 2023, initially using the ALPHV ransomware variant, according to Cynthia Kaiser, senior vice president at Halcyon's Ransomware Research Center. By 2024, the group had incorporated stolen code from the Conti ransomware family to build custom tools targeting Windows and VMware server environments. The group has increasingly focused on manufacturing and technology sector organizations.
However, security researchers have raised questions about the veracity of Nitrogen's claims. Kaiser noted that recent Nitrogen leak site posts lack working file listings and rely on older file images, suggesting the group may be inflating data-theft claims to pressure victims into paying higher ransoms. Ismael Valenzuela, vice president of threat research at Arctic Wolf Labs, described Nitrogen's playbook as consistent: stealing data before encrypting systems to maintain leverage through both operational disruption and the threat of data exposure.
Foxconn, also known as Hon Hai Precision Industry and headquartered in Taiwan, reported $259 billion in revenue last year. The company's North American footprint includes multiple factories in Mexico, Wisconsin, Ohio, Texas, Virginia, and Indiana. The attack underscores the persistent targeting of critical manufacturing infrastructure by ransomware groups, with supply chain implications given Foxconn's role in producing devices for major technology vendors.
The incident follows a pattern of ransomware groups targeting large manufacturers to maximize disruption and ransom potential. Nitrogen's tactics indicate it is not opportunistic but rather "operating with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment," Valenzuela added. Foxconn has not confirmed the full scope of compromised data or whether any client intellectual property was exposed.