Foxconn Hit by Nitrogen Ransomware Attack: 8TB Data Stolen, Factories Disrupted

Foxconn, one of the world’s largest electronics manufacturers supplying major tech vendors, is recovering from a cyberattack that disrupted operations at some of its North American factories.

The attack was claimed by Nitrogen, a ransomware group known for targeting organizations in manufacturing, construction, and technology sectors. The group alleged it stole 8 terabytes of data across more than 11 million files and posted screenshots of allegedly compromised files on its data leak site.

Nitrogen claimed the stolen data included confidential instructions, projects, and drawings from major tech companies such as Intel, Apple, Google, Dell, and Nvidia.

Foxconn, widely recognized as Apple’s primary iPhone assembler, did not respond to requests for comment regarding the alleged involvement of its partners. A Foxconn spokesperson confirmed that some North American factories were affected by the cyberattack and stated that the company’s cybersecurity team immediately implemented additional security measures to ensure production and delivery continuity.

The spokesperson declined to disclose when the attack occurred or specify which systems or data were impacted. However, they noted that affected factories are resuming normal production as of Tuesday.

Nitrogen Ransomware Group: Tactics and Evolution

Nitrogen was first identified in 2023, initially using ALPHV, one of the most prevalent ransomware variants at the time, according to Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center. In 2024, the group began incorporating stolen code from Conti, another prolific ransomware variant, to develop custom attack tools targeting Windows and VMware server environments.

Kaiser noted that while Nitrogen has focused on manufacturing and technology sectors, recent claims on its leak site lack verified file listings and primarily feature older file images. This has raised concerns that the group may be inflating data-theft claims to pressure victims into paying higher ransoms.

Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, explained that Nitrogen follows a consistent playbook: stealing data before encrypting systems to maximize leverage. He described the group’s approach as non-opportunistic, instead targeting organizations that are easily accessible yet critical enough to drive ransom pressure.

Foxconn’s Global Operations and Financial Overview

Foxconn, also known as Hon Hai Precision Industry, is headquartered in Taiwan and reported $259 billion in revenue for the previous year. The company operates multiple factories across North America, including locations in Mexico, Wisconsin, Ohio, Texas, Virginia, and Indiana.

The cyberattack comes amid growing concerns over ransomware threats targeting critical manufacturing and technology supply chains.