Foxconn suffered a ransomware cyberattack that disrupted some of its North American factories, which have now resumed normal production operations [1, 2]. The hacking group Nitrogen claimed responsibility, announcing it stole over 11 million files, including confidential information on major Foxconn customers such as Apple, Dell, Google, Intel, and Nvidia [1].
Nitrogen operates as a double-extortion ransomware group, encrypting data while threatening to leak stolen information to pressure victims into paying ransom [1, 2]. According to Wired, Nitrogen disclosed having acquired approximately 8 terabytes of sensitive data including schematics and project details relating to Dell, Google, Apple, and Nvidia [2].
Foxconn confirmed that several of its North American factories were targeted by a cyberattack but did not verify the specifics of the data breach or the ransomware claims [1, 2]. As a key manufacturing partner for technology giants including Apple, Google, Nvidia, Sony, Dell, and Intel, the attack risks exposing valuable intellectual property [1].
Experts note that ransomware groups increasingly target companies that hold critical supply chain data. Allan Liska, a threat intelligence analyst at Recorded Future, said, "Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software. So it’s unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world" [2].
Foxconn has faced ransomware attacks before, including significant incidents in December 2020, May 2022, and in 2024 [2].
The incident came to light between May 11 and May 12 when Nitrogen publicly listed Foxconn as breached on their leak site [1, 2]. The next step involves monitoring Foxconn’s ongoing recovery efforts and any further disclosures about the scope of stolen data.
