Foxconn Ransomware Attack Underscores Ongoing Security Risks

Summary
– A ransomware group called Nitrogen claims to have stolen 8 TB of data from Foxconn, including schematics and project details from Dell, Google, Apple, and Nvidia.
– Foxconn acknowledged a cyberattack at some of its North American factories, which caused outages, but stated that affected factories are resuming normal production.
– Foxconn is a prime target for ransomware because it is a massive supply chain manufacturer holding sensitive data for major companies like Apple.
– Nitrogen, a ransomware group that emerged in 2023, has ties to the ALPHV/BlackCat group, and its encrypting mechanism has a design flaw that makes decryption impossible.
– Foxconn has faced multiple prior extortion attempts, including attacks by DoppelPaymer in 2020 and LockBit in 2022 and 2024.
A ransomware group known as Nitrogen is attempting to extort Foxconn, the massive electronics manufacturer, after claiming to have stolen 8 TB of sensitive data. The stolen information allegedly includes schematics and project details from major clients such as Dell, Google, Apple, and Nvidia. While Foxconn has not yet responded to WIRED’s request for comment on the validity of these claims, the company did confirm that some of its North American factories experienced a cyberattack in recent days. According to Foxconn, the affected facilities are now “resuming normal production” after temporary outages.
Foxconn represents an especially attractive target for ransomware and data extortion groups. As a sprawling global contractor with divisions and subsidiaries worldwide, the company holds not only its own intellectual property but also that of its high-profile customers. Foxconn is a key manufacturing partner for electronic components and entire devices, including Apple’s iPhones.
“Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software,” explains Allan Liska, a threat intelligence analyst at security firm Recorded Future. “So it’s unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world.”
The Nitrogen group listed Foxconn on its breach site on Monday. First emerging in 2023, Nitrogen is not among the most high-profile or prolific ransomware actors, but it has maintained a steady level of activity, with notable spikes at the end of 2024. The group also has connections to the notorious ALPHV/BlackCat ransomware group.
This is far from Foxconn’s first encounter with cyber extortion. The company has faced multiple attacks in recent years. In December 2020, the DoppelPaymer ransomware group hit a Mexican facility and famously demanded 1,804 Bitcoin (worth roughly $34 million at the time). In May 2022, the LockBit group struck another Foxconn facility in Mexico, disrupting production. Most recently, in 2024, LockBit attacked a Foxconn subsidiary called Foxsemicon Integrated Technology, defacing its website and claiming a data breach.
Beyond data theft and extortion threats, Nitrogen also frequently deploys traditional ransomware that encrypts a target’s systems. However, researchers have identified a critical flaw in Nitrogen’s ransomware code. Built on widely repurposed “Conti 2” code, the group’s encrypting mechanism has a design flaw that makes decryption impossible once data has been encrypted, even if the attackers wanted to release the systems. Whether this flaw is a factor in Foxconn’s current incident response remains unclear.
Ransomware and data extortion remain persistent digital security threats, with attackers repeatedly targeting the same organizations and stooping to new lows in large-scale disruptive operations. Just last week, thousands of schools across the United States were paralyzed amid finals and other year-end activities when education tech firm Instructure shut down access to its Canvas platform following a breach perpetrated by extortion actors.
(Source: Wired)