Foxconn Confirms Cyberattack After Nitrogen Ransomware Claim
Key Takeaways
- Foxconn confirmed a cyberattack impacting its North American operations.
- The Nitrogen ransomware group claimed responsibility, asserting the theft of 8 terabytes of data.
- Stolen data allegedly includes sensitive project details for tech giants like Intel, Google, Dell, and Nvidia.
- This marks at least the third significant ransomware incident for Foxconn, highlighting supply chain vulnerabilities.
Electronics manufacturing giant Foxconn has verified a cyberattack targeting its North American facilities. This confirmation follows claims made by the Nitrogen ransomware group, which listed Foxconn on its data leak portal and alleged the exfiltration of 8 terabytes of sensitive information.
The Nitrogen ransomware collective publicly announced the breach on Monday, May 20, 2026, stating they had stolen over 11 million files from Foxconn’s systems. Foxconn officially acknowledged the incident the following day.
“Some of Foxconn’s factories in North America suffered a cyberattack,” a company spokesperson informed The Register. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery.”
Reports indicate the affected sites include Foxconn’s manufacturing plant in Mount Pleasant, Wisconsin, and a facility in Houston, Texas. The disruption reportedly led to some employees resorting to manual processes or being temporarily sent home.
Alleged Data Theft Impacts Major Tech Firms
The Nitrogen gang asserts that the stolen data encompasses confidential instructions, internal project documentation, and technical drawings related to projects for prominent technology companies such as Intel, Apple, Google, Dell, and Nvidia.
An examination of sample files released by the attackers revealed financial records pertaining to the Houston facility, alongside circuit board layouts, temperature sensor data, and integrated circuit documentation.
Notably, the sample files also contained network topology maps associated with AMD, Intel, and Google projects, a detail that has raised significant concern among security experts.
“The real concern is that Google and Intel’s network topologies have been stolen. Because this is an architectural map of operational infrastructure, attackers could use this data to identify vulnerabilities in data centers around the world,” warned security analyst Mark Henderson.
While Nitrogen claimed to have stolen Apple project files, AppleInsider reported that the publicly available samples do not appear to include Apple-specific circuit diagrams, product development documents, or quality control data. The report further noted that Foxconn’s Mount Pleasant facility primarily focuses on manufacturing televisions and data servers, not Apple devices.
About the Nitrogen Ransomware Group
Nitrogen is a ransomware operation that commenced its activities in 2023. It is believed that the group’s ransomware is built upon leaked source code from the Conti 2 builder. The group is suspected of having connections to the notorious ALPHV/BlackCat ransomware ecosystem and employs a double-extortion tactic, encrypting victim data and simultaneously threatening its public release.
Foxconn has stated that the impacted factories are progressively returning to normal production. However, the company has not confirmed whether any customer data was indeed compromised. This incident marks at least the third significant ransomware attack Foxconn has faced, underscoring persistent security vulnerabilities within the global electronics supply chain.
What You Should Do
- Implement robust endpoint detection and response (EDR) solutions across all network assets.
- Regularly back up critical data offline and test recovery procedures to ensure business continuity.
- Conduct frequent vulnerability assessments and penetration testing on your network infrastructure.
- Enforce strict access controls and multi-factor authentication (MFA) for all remote access and privileged accounts.
- Provide ongoing cybersecurity awareness training to employees, focusing on phishing and social engineering tactics.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.


