Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America.
Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site and said it stole 8 terabytes of data spanning more than 11 million files.
The threat group posted screenshots of some of the allegedly stolen data and claimed it compromised “confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects.”
Foxconn is famously known as the primary assembler of Apple iPhones. Apple and the other companies allegedly impacted by the attack did not respond to a request for comment.
A spokesperson for Foxconn confirmed some of its factories in North America suffered a cyberattack, and said its cybersecurity team immediately responded to the breach by implementing additional “measures to ensure the continuity of production and delivery.”
The spokesperson did not answer questions about when the attack occurred or what systems or data was impacted, but noted that “affected factories are currently resuming normal production” as of Tuesday.
Nitrogen was first observed in 2023, using ALPHV, one of the most prevalent ransomware variants at that time, Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center, told CyberScoop. The group started using stolen code from Conti, another formerly prolific ransomware variant, in 2024 to build its own custom attack tools to hit Windows and VMware server environments, she added.
The threat group has most recently focused on companies in the manufacturing and technology sectors. “However, the most recent cases of claims by Nitrogen do not include a working file listing on the leak site and include mostly older images of files,” Kaiser said. “This raises questions about whether Nitrogen is inflating data-theft claims in an attempt to pressure victims into paying higher ransoms.”
Foxconn hasn’t described the nature of the attack or confirmed the existence of a ransom demand.
Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, said Nitrogen follows a “consistent playbook, stealing data before encrypting systems so they have leverage on multiple fronts, combining operational disruption with the threat of sensitive information being exposed.”
The threat group’s tactics indicate it’s not opportunistic, but rather “operating with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment,” Valenzuela added.
Foxconn, also known as Hon Hai Precision Industry with headquarters in Taiwan, is among the world’s largest companies with $259 billion in revenue last year, the company said. Foxconn’s North American footprint includes multiple factories in Mexico, Wisconsin, Ohio, Texas, Virginia and Indiana.
