VYPR
Breach · Published May 12, 2026 · Updated May 17, 2026 · 1 source

Foxconn Confirms North American Cyberattack Following Nitrogen Ransomware Claims

Foxconn has confirmed a cyberattack on its North American facilities after the Nitrogen ransomware gang claimed to have stolen 8 terabytes of sensitive data belonging to the manufacturer's high-profile clients.

Foxconn, a primary manufacturing partner for global technology giants, has confirmed that several of its North American facilities were hit by a cyberattack. The incident, which disrupted operations at the affected sites, was publicly disclosed after the Nitrogen ransomware gang added the company to its data leak portal, claiming responsibility for the intrusion (The Register).

The attackers allege they successfully exfiltrated 8 terabytes of data, consisting of more than 11 million files. According to the group's claims, the stolen information includes highly sensitive technical drawings, internal project documentation, and confidential instructions related to major clients, including Apple, Nvidia, Intel, Google, and Dell (The Register). While Foxconn has acknowledged the attack, the company has not confirmed whether any specific customer data was compromised during the breach.

Nitrogen is a ransomware operation that has been active since 2023 and is widely believed to be an offshoot that utilizes code derived from the leaked Conti 2 ransomware builder (The Register). The group’s tactics are particularly concerning for victims because of a known technical flaw in their software. Research from Coveware in February indicated that a programming error in the gang's decryptor, specifically regarding its VMware ESXi targeting module, renders it incapable of successfully recovering encrypted files, meaning ransom payments are effectively futile (The Register).

In response to the intrusion, Foxconn activated its internal cybersecurity incident response mechanisms. The company stated that it implemented various operational measures to maintain production continuity and delivery schedules. Foxconn confirmed that the affected North American factories are currently in the process of resuming normal operations (The Register).

This incident marks the latest in a series of security challenges for the Foxconn Technology Group. The organization has previously been targeted by other ransomware actors, including a 2024 attack on its semiconductor equipment subsidiary, Foxsemicon Integrated Technology, and a 2022 breach involving a Foxconn subsidiary located in Mexico (The Register).

The targeting of major supply chain entities like Foxconn highlights the persistent risk posed by ransomware groups seeking to leverage stolen intellectual property for extortion. As these criminal operations continue to evolve—often repurposing legacy code like that of the Conti group—the inability to reliably recover data even after payment underscores the critical importance of robust offline backups and proactive network segmentation. Observers will be watching to see if the leaked data begins to appear on public forums or if the threat actors attempt to escalate their extortion tactics against Foxconn's partners.

Synthesized by Vypr AI