Foxconn confirms cyberattack claimed by Nitrogen ransomware gang
Source: Bleeping Computer
Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack.
The electronics giant employs over 900,000 people across more than 240 campuses in 24 countries and reported revenues of over $260 billion in 2025. Ranked 28th on the Fortune Global 500, Foxconn manufactures a wide range of products for major tech companies, including Apple, Nvidia, Intel, and Google.
Confirmation of the Attack
The incident was confirmed by a Foxconn spokesperson when BleepingComputer asked the company to verify claims by the Nitrogen ransomware operation that they had stolen 8 TB of data and more than 11 million documents.
“Some of Foxconn’s factories in North America suffered a cyberattack,” the spokesperson told BleepingComputer in an emailed statement.
“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
Nitrogen also posted on its dark‑web leak site that the stolen Foxconn files contain “confidential instructions, projects and drawings” from Apple, Intel, Google, Nvidia, AMD, and other Foxconn customers.
Foxconn entry on Nitrogen leak site (BleepingComputer)
Background on the Nitrogen Ransomware Group
The threat actors behind the Nitrogen ransomware operation first surfaced in 2023 with a malware loader that deployed BlackCat/ALPHV ransomware payloads (source).
Later, the group developed its own ransomware strain using leaked Conti 2 builder code (source). Coveware researchers noted a coding mistake in the ESXi malware that caused it to encrypt files with the wrong public key, irrevocably corrupting them.
Although Nitrogen is not the most active ransomware operation, it has slowly added dozens of victims to its leak site since 2024 (list of victims).
Prior Ransomware Incidents Involving Foxconn
- LockBit (January 2024) – Claimed to have hit Foxconn subsidiary Foxsemicon (Taipei Times).
- LockBit (May 2022) – Targeted a Foxconn production plant in Tijuana, Mexico (BleepingComputer).
- DoppelPaymer (December 2020) – Claimed to have hit Foxconn’s CTBG MX facility in Ciudad Juárez, demanding a $34 million ransom after allegedly stealing 100 GB of data, encrypting up to 1,400 servers, and destroying 20–30 TB of backup data (BleepingComputer).