Foxconn, the $260 billion electronics manufacturer ranked 28th in the Fortune Global 500, confirmed this week that Nitrogen ransomware operators breached its North American factories, stealing what the group claims is 8 TB of data and more than 11 million documents.
The breach surfaced when Nitrogen posted Foxconn to its dark web leak site, claiming the stolen files contain “confidential instructions, projects and drawings” from Apple, Intel, Google, Nvidia, and AMD. Foxconn’s spokesperson confirmed the attack in a statement to BleepingComputer: “Some of Foxconn’s factories in North America suffered a cyberattack. The affected factories are currently resuming normal production.”
Nitrogen isn’t the most technically polished operation. According to Coveware researchers, a coding mistake in the group’s ESXi malware causes it to encrypt files with the wrong public key, irrevocably corrupting them. The group first emerged in 2023 deploying BlackCat/ALPHV payloads, then built its own ransomware strain using leaked Conti 2 builder code.
This is Foxconn’s fourth documented ransomware incident. DoppelPaymer hit the company’s CTBG MX facility in Ciudad Juárez in December 2020, demanding a $34 million ransom after allegedly stealing 100 GB of data and encrypting up to 1,400 servers. LockBit struck Foxsemicon, a Foxconn subsidiary, in January 2024, and a Tijuana plant was hit in May 2022.
Foxconn’s publicly traded customers, including Apple and Nvidia, don’t yet know whether the stolen design files are authentic. If confirmed, they may face their own disclosure obligations.
— James Okafor