Foxconn Confirms Cyberattack as Nitrogen Ransomware Exposes 8TB of Stolen Data
Foxconn, a leading electronics manufacturer and a key supplier to Apple, has confirmed a cyberattack that disrupted operations at several of its North American facilities. The ransomware group known as Nitrogen has claimed responsibility for the incident, alleging that it has exfiltrated a significant amount of data from Foxconn’s systems.
Details of the Attack
Nitrogen has asserted that it stole over eight terabytes of data, which purportedly includes more than 11 million files. Reports indicate that the group may also possess schematics related to major technology companies that collaborate with Foxconn. Despite these claims, Foxconn has not publicly confirmed whether any data was indeed stolen, whether its systems were encrypted, or if a ransom demand was made.
In a statement regarding the incident, Foxconn’s cybersecurity team reported that they responded immediately upon detecting the breach. The company acknowledged that some of its factories in North America were affected and activated emergency response measures to ensure continuity in production and delivery. Foxconn stated that affected facilities are gradually resuming normal operations.
While the specific factories impacted by the ransomware attack have not been disclosed, Foxconn operates over 230 factories and offices across 24 countries, with significant operations in Wisconsin, Texas, and other regions of the United States.
Employee Experiences and Operational Disruptions
The cyberattack first became apparent when employees at one of Foxconn’s Wisconsin facilities reported severe IT disruptions. Workers experienced Wi-Fi issues and were eventually sent home due to widespread network outages. One employee noted that computers malfunctioned, forcing staff to complete tasks manually using paper and pen.
Initially, Foxconn confirmed only that it was facing technical issues and had activated emergency response protocols. The company later indicated that certain functions affected by the cyberattack were being restored.
Claims of Data Theft by Nitrogen
On May 11, the Nitrogen ransomware group listed Foxconn on its leak site, claiming to possess around eight terabytes of data obtained during the attack. They shared sample images purportedly as evidence of the breach. However, these claims remain unverified. Reports indicate that independent sources could not confirm the authenticity of the files posted by Nitrogen or whether the alleged leak was directly linked to the operational disruptions at Foxconn’s facilities.
Foxconn has not confirmed any involvement of ransomware, data theft, or the existence of a ransom demand. The company has characterized the disruptions as technical issues affecting its IT systems, with restoration efforts ongoing.
Technical Context and Implications
Cybersecurity experts have linked the Nitrogen ransomware activity to tools and infrastructure associated with the now-defunct Conti ransomware operation. Researchers at Barracuda Networks have described Nitrogen as a sophisticated and financially motivated threat group that emerged as a malware developer and operator in 2023. Experts suggest that the Nitrogen ransomware strain may have been developed using a builder derived from the Conti ransomware codebase.
The increasing sophistication of ransomware groups poses significant concerns for the manufacturing sector, particularly for companies managing extensive supply chains and sensitive operational infrastructures.
History of Cyberattacks on Foxconn
This incident is not the first time Foxconn has faced threats from ransomware gangs. The company has been targeted multiple times in recent years. In 2024, Foxconn’s semiconductor division reportedly suffered a ransomware attack attributed to the LockBit gang. Prior to that, Foxconn’s manufacturing facilities in Mexico were targeted in 2022 by the same group, and another ransomware attack impacted operations in Mexico in 2020.
As the world’s largest contract electronics manufacturer, Foxconn produces hardware for major companies, including Apple, Google, Microsoft, and Cisco. The company reported approximately $258.3 billion in revenue in 2025, underscoring the scale of its operations and the potential global ramifications of disruptions caused by ransomware attacks.
Foxconn’s recent cyberattack highlights the ongoing vulnerabilities faced by large manufacturers in an increasingly hostile cyber landscape. As the company continues to respond to this incident, the broader implications for supply chain security and operational resilience remain critical areas of focus.
For further updates on the Foxconn cyberattack, please refer to the original reporting source: thecyberexpress.com.
Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.
