Foxconn Confirms Cyberattack on North American Factories by Nitrogen Ransomware Gang
Electronics giant Foxconn has confirmed a key Apple supplier confirmed a ransomware attack on its North American factories with the Nitrogen gang claiming theft of 8 TB of data including confidential client documents.
Foxconn, the world's largest electronics manufacturer, has confirmed that some of its North American factories were hit by a ransomware attack attributed to the Nitrogen ransomware gang known Nitrogen ransomware gang. The company, which employs over 900,000 people across 240 campuses in 24 countries and reported revenues exceeding $260 billion in 2025, acknowledged the incident after BleepingComputer reached out for comment. The attack has disrupted operations at several facilities, though Foxconn says its cybersecurity team has activated response mechanisms and that affected factories are now resuming normal production.
The Nitrogen ransomware operation has claimed responsibility for the attack, posting Foxconn on its dark web leak site and alleging that it stole 8 TB of data, including more than 11 million documents. According to the threat actors, the stolen files contain "confidential instructions, projects and drawings" from major Foxconn clients such as Apple, Nvidia, Intel, Google, AMD, and others. The scale of the data theft, if confirmed, could represent a significant supply-chain intelligence breach for some of the world's largest technology companies.
Nitrogen first emerged in 2023 as a malware loader that deployed BlackCat/ALPHV ransomware payloads. The group later developed its own ransomware strain using leaked code from the Conti 2 builder. However, security researchers at Coveware have noted a critical flaw in the group's ESXi encryptor: a coding mistake causes it to encrypt all files with the wrong public key, irrevocably corrupting them. Despite this technical limitation, Nitrogen has slowly built a victim list on its leak site since 2024, though it is not considered one of the most active ransomware operations.
Foxconn has been a frequent target of ransomware attacks in recent years. In January 2024, the LockBit ransomware gang claimed to have hit Foxconn subsidiary Foxsemicon, and in late May 2022, LockBit also targeted a Foxconn production plant in Tijuana, Mexico. Earlier, in December 2020, the DoppelPaymer ransomware operation struck Foxconn's CTBG MX facility in Ciudad Juárez, demanding a $34 million ransom after allegedly stealing 100 GB of data, encrypting up to 1,400 servers, and destroying 20 to 30 TB of backup data. This pattern of repeated targeting highlights the persistent vulnerability of large manufacturing and supply-chain companies to ransomware attacks.
The incident underscores the growing threat posed by ransomware groups that specifically target high-value manufacturing firms with deep ties to the technology sector. The theft of proprietary designs and client data from a contract manufacturer like Foxconn could have cascading effects on product security and intellectual property protection across multiple major tech brands. Foxconn has not disclosed whether any ransom demand was made or whether it intends to pay, and the company continues to work on fully restoring normal operations at the affected North American factories.