Foxconn confirmed a cyberattack on its North American facilities after ransomware gang Nitrogen claimed stealing 8 terabytes of data. The group posted the breach on its dark web leak site claiming to have taken over 11 million files. However, the stolen data allegedly includes confidential information from Apple, Dell, Google, Intel, and NVIDIA according to the hackers.
Foxconn’s Wisconsin manufacturing plant experienced multi-day IT outage starting May 1 halting production and forcing employees offline. Workers reported full network collapse by 7:00 AM with Wi-Fi gone and core plant infrastructure disrupted by 11:00 AM. Meanwhile, employees were told to turn off computers and not log back in under any circumstances.
The hackers claim the stolen files include confidential instructions, internal project documentation, and technical drawings tied to major tech companies. Initial analysis shows at least some data samples match attackers’ claims depicting components manufactured for Google. Consequently, leaked hardware schematics could enable competitors to reverse-engineer products or help threat actors discover exploitable zero-day vulnerabilities.
Nitrogen operates as ransomware-as-a-service group linked to Eastern European operators and possibly connected to BlackHat/ALPHV ransomware cartel. The group has been active since 2023 and is believed to be an offshoot of leaked Conti 2 ransomware code. Furthermore, Coveware researchers warned in February that programming error prevents the gang’s decryptor from recovering victims’ files.
Foxconn stated affected factories are currently resuming normal production but declined to confirm whether customer data was actually stolen.
This is not the first time Foxconn faced ransomware attacks with LockBit hitting facilities in 2022 and 2024.
