Foxconn Confirms North American Factories Hit by Nitrogen Ransomware Attack
Electronics manufacturing giant Foxconn has confirmed a ransomware attack on its North American factories by the Nitrogen group, which claims to have stolen 8TB of data including schematics for Apple, Intel, and Nvidia.
Taiwanese electronics manufacturing giant Foxconn has confirmed that some of its North American factories have been hit by a cyberattack carried out by the Nitrogen ransomware group. The company, best known as the world's largest provider of manufacturing services for Apple and other major global tech brands, disclosed the incident after the Nitrogen group listed Foxconn on its Tor-based leak website on March 12.
"The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production," Foxconn told SecurityWeek. The attackers claim to have stolen 8TB of data representing more than 11 million files, including confidential documents and schematics related to major customers such as Intel, Apple, Google, Dell, and Nvidia. The cybercriminals have published several screenshots to demonstrate their claims.
The Nitrogen ransomware group has been active since late 2024 and its website currently lists a few dozen organizations, including in the manufacturing, technology, and finance sectors. The threat actor relies on file encryption and data theft to pressure victims into paying a ransom. This attack on Foxconn follows a pattern of repeated targeting of the company by ransomware groups in recent years. Foxconn subsidiary Foxsemicon was also targeted by a ransomware gang in 2024.
The breach underscores the persistent threat to the global electronics supply chain, where a single compromise can expose sensitive intellectual property from multiple industry leaders. Foxconn's role as a contract manufacturer for the world's most valuable technology companies makes it a high-value target for cybercriminals seeking to extort large ransoms or sell stolen data on underground markets.
Foxconn has not disclosed whether any customer data was actually exfiltrated or whether a ransom demand was made. The company stated that affected factories are resuming normal production, suggesting that operational disruption was limited. However, the full scope of the data theft and its potential impact on Foxconn's clients remains under investigation.
Security experts note that the Nitrogen group's tactics—combining encryption with data theft—are increasingly common among ransomware operations. The group's ability to breach a major manufacturer like Foxconn highlights the need for robust network segmentation, endpoint detection, and incident response planning in industrial environments.
This incident serves as a reminder that even the most security-conscious organizations can fall victim to sophisticated ransomware attacks. As the investigation continues, Foxconn and its customers will be closely monitoring for any leaked data on the dark web.