Foxconn Confirms Cyberattack Impacting North American Factories, Nitrogen Ransomware Gang Claims 8TB Data Theft
Taiwanese electronics giant Foxconn confirmed a cyberattack affecting its North American factories, with the Nitrogen ransomware gang claiming responsibility and alleging theft of 8 terabytes of data.
Taiwanese electronics manufacturer Foxconn confirmed that its North American factories were hit by a cyberattack, causing network outages and production disruptions. The company said facilities in Wisconsin, Ohio, Texas, Virginia, Indiana, and Mexico were affected, but operations are now resuming normal production cycles. A spokesperson declined to provide specifics on the number of impacted factories but stated that the cybersecurity team immediately activated response mechanisms.
The Nitrogen ransomware gang took credit for the attack on Monday, claiming to have stolen 8 terabytes of data and millions of files, including technical information from several prominent tech firms. Cybersecurity experts believe Nitrogen is built on the Conti ransomware framework, using a builder derived from the now-defunct Conti group. Researchers at Barracuda Networks described Nitrogen as a sophisticated and financially motivated threat group first observed in 2023.
An employee at Foxconn's Wisconsin factory told DysruptionHub that Wi-Fi issues began on Friday, leading to employees being sent home due to network outages. Computers were non-functional, forcing staff to use paper and pen for various tasks. Foxconn initially confirmed technical issues and said it had implemented emergency response mechanisms.
Foxconn, the world's largest contract manufacturer of electronics, reported $258.3 billion in revenue in 2025. The company produces devices for Apple, Google, Microsoft, Cisco, and others. This is not the first time Foxconn has been targeted by ransomware gangs. In 2024, its semiconductor segment was attacked by LockBit, and in 2022, the same group targeted its Mexican factories. Another ransomware attack hit Mexican facilities in 2020.
The Nitrogen ransomware strain is relatively new but has quickly gained notoriety. Its use of the Conti builder suggests a high level of sophistication, as Conti was one of the most damaging ransomware operations before its shutdown. The group's claim of stealing 8 terabytes of data, if true, could have significant implications for Foxconn's clients, potentially exposing sensitive technical information.
Foxconn has not disclosed whether any customer data was compromised or if ransom demands were made. The company is working with cybersecurity experts to investigate the incident and restore full operations. The attack highlights the persistent threat ransomware poses to critical manufacturing infrastructure, especially for companies that serve as linchpins in global supply chains.
As Foxconn recovers, the incident serves as a reminder that even the largest and most experienced companies remain vulnerable to cyberattacks. The use of ransomware strains derived from previous successful operations indicates that threat actors continue to evolve and adapt their tools to maximize impact.