Foxconn Confirms Cyberattack After Ransomware Gang Claims Massive Data Theft

Last updated: May 14, 2026
  • The Nitrogen ransomware gang claims to have breached Foxconn and stolen over 11 million files from the electronics manufacturing giant.

  • The stolen data allegedly includes confidential materials tied to major clients such as Apple, Google, Nvidia, Dell, and Intel.

  • A known flaw in Nitrogen’s decryptor means paying the ransom may not restore Foxconn’s encrypted files at all.

Foxconn, the world’s largest electronics manufacturer and a critical supplier to Apple, Google, Nvidia, and Sony, confirmed a cyberattack on its North American facilities after the Nitrogen ransomware group listed the firm on its dark web leak site. The Taiwan-based firm said it is working to bring affected operations back to normal.

Nitrogen claims to have stolen 8TB (terabytes) of data containing more than 11 million files. The group says the haul includes confidential customer instructions, internal project documentation, technical drawings, and financial records tied to some of the biggest names in tech.

As evidence, the hackers published what appear to be product schematics, operational guidelines, and bank statements on their .onion site.

A Foxconn spokesperson told The Register that the company’s cybersecurity team immediately activated its response mechanism after discovering the attack, and applied several operational measures to keep production and delivery running.

The spokesperson confirmed that the affected factories are currently returning to normal production. Foxconn did not confirm whether any customer data was actually taken in the breach.

Nitrogen Claims the Attack

Nitrogen is a double-extortion ransomware group, meaning it uses two pressure points against its victims. It encrypts the victim’s files, locking them out of their own systems, and because it copies those files before encrypting them, it also threatens to publish the stolen data unless a ransom is paid. This two-pronged approach gives the group separate ways to squeeze money from each target.

Security researchers believe Nitrogen built its malware using code from the leaked Conti 2 builder, a source behind several ransomware operations since 2023.

The gang typically lists non-paying victims on its dark web site, using public exposure as additional pressure to force payment.

Foxconn has not confirmed whether it has engaged with the attackers, and the company declined to answer specific questions from reporters about the incident.

What the Hackers Claim They Took

Nitrogen’s dark web post paints a damaging picture of the alleged theft. The group says the stolen files include confidential materials connected to several of Foxconn’s biggest clients, naming Apple, Dell, Google, Intel, and Nvidia specifically.

This isn’t an isolated incident targeting Apple and Nvidia’s supply chain. In another major tech supply chain breach, involving Luxshare, data from Apple and Nvidia was reportedly stolen as well, highlighting a troubling pattern.

For companies like Apple and Nvidia, whose product designs and supply chain details are closely monitored, a leak of this scale carries serious consequences.

Foxconn sits at the center of the global hardware supply chain, and its systems likely hold sensitive information across dozens of major client relationships.

The size of the alleged theft makes this one of the more significant ransomware claims in recent memory, though the actual contents of the data remain unverified by independent parties.

Paying Up May Not Be Enough

Even if Foxconn considers meeting the ransom demand, security researchers warn that doing so may not solve the problem. In February, analysts at Coveware identified a programming error inside Nitrogen’s decryption tool.

The flaw prevents the tool from successfully restoring encrypted files, meaning victims who pay may still permanently lose access to their data. This warning applies specifically to Nitrogen’s malware targeting VMware ESXi environments.

This is not Foxconn’s first encounter with ransomware. In 2024, the LockBit gang claimed it had compromised Foxsemicon Integrated Technology, a semiconductor equipment unit within the broader Foxconn Technology Group. That same criminal crew also hit a Foxconn subsidiary based in Mexico in 2022.

The pattern confirms that large manufacturers remain high-value targets for ransomware groups. Their extensive client lists, sensitive product data, and complex supply chains mean a single successful breach can damage not just the company hit but every major tech brand it serves.

About the Author

Memchick E

Digital Privacy Journalist

Memchick is a digital privacy journalist who investigates how technology and policy impact personal freedom. Her work explores surveillance capitalism, encryption laws, and the real-world consequences of data leaks. She is driven by a mission to demystify digital rights and empower readers with the knowledge to protect their anonymity online.
