Foxconn confirms ransomware attack by Nitrogen group
▼ Summary
– Foxconn confirmed a cyberattack on some of its North American factories, with operations resuming normal production.
– The Nitrogen ransomware group claimed to have stolen 8 TB of data and over 11 million documents from Foxconn.
– Stolen files allegedly include confidential instructions and drawings from Apple, Intel, Google, Nvidia, and AMD.
– Nitrogen ransomware first appeared in 2023, later developed its own strain using leaked Conti 2 builder code, but a coding mistake can corrupt encrypted files.
– Foxconn has experienced multiple prior ransomware attacks, including incidents from LockBit in 2022 and 2024, and DoppelPaymer in 2020.
Foxconn has officially confirmed it fell victim to a ransomware attack carried out by the Nitrogen cybercrime group, with multiple North American factories working to restore full operations after the breach disrupted production.
As the world’s largest electronics manufacturer, Foxconn employs more than 900,000 people across 240 campuses in 24 countries. The company reported revenues exceeding $260 billion in 2025 and holds the 28th spot on the Fortune Global 500. Its manufacturing lines supply major tech players including Apple, Nvidia, Intel, and Google.
The confirmation came from a Foxconn spokesperson after BleepingComputer asked the company to respond to claims from the Nitrogen ransomware operation that it had stolen 8 terabytes of data and over 11 million documents.
“Some of Foxconn’s factories in North America suffered a cyberattack,” the spokesperson said in a statement. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
On its dark web leak site, Nitrogen has posted that the stolen files include “confidential instructions, projects and drawings” from Apple, Intel, Google, Nvidia, AMD, and other Foxconn clients.
The Nitrogen ransomware group first appeared in 2023, initially using a malware loader of the same name to deploy BlackCat/ALPHV ransomware payloads. The group later developed its own ransomware variant using leaked Conti 2 builder code. However, security researchers at Coveware noted that “a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them.”
While Nitrogen ransomware is not among the most active operations, it has steadily added dozens of victims to its leak site since 2024.
This is not the first time Foxconn has faced a ransomware incident. The LockBit ransomware gang claimed responsibility for attacks on Foxconn subsidiary Foxsemicon in January 2024 and a Foxconn production plant in Tijuana, Mexico, in late May 2022. In December 2020, the DoppelPaymer ransomware operation also hit Foxconn’s CTBG MX facility in Ciudad Juárez, demanding a $34 million ransom after allegedly stealing 100GB of data, encrypting up to 1,400 servers, and destroying 20 to 30TB of backup data.
(Source: BleepingComputer)