Foxconn Cyberattack Disrupts North American Factories as Nitrogen Claims Data Theft
Foxconn confirmed that a cyberattack affected several of its North American factories, disrupting operations and forcing some facilities to fall back to manual processes while incident response teams worked to restore systems. Reporting tied to a Wisconsin site said the intrusion caused Wi-Fi and network outages, impaired computer operations, and led employees to use paper-based workflows before some were sent home. Foxconn said it activated cybersecurity response and business continuity measures immediately and that impacted plants are resuming normal production and delivery operations.
The Nitrogen ransomware group claimed responsibility, alleging it stole 8 TB of data and more than 11 million documents, including confidential material related to major technology customers such as Apple, Intel, Google, Nvidia, and AMD. Security researchers have described Nitrogen as a financially motivated group first seen in 2023, with ransomware built from leaked Conti 2 code and earlier links to malware used to deploy BlackCat/ALPHV. The incident adds to a string of ransomware attacks previously disclosed by Foxconn, including cases tied to LockBit and DoppelPaymer.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Foxconn publicly confirms cyberattack on North American factories
Foxconn publicly disclosed that some of its North American factories were impacted by a cyberattack. The confirmation came as reporting linked the incident to Nitrogen's extortion claims and Foxconn stated operations were being restored.
Nitrogen claims Foxconn attack and data theft
The Nitrogen ransomware gang publicly claimed responsibility for the Foxconn incident, alleging it stole about 8 TB of data and more than 11 million documents. The gang said the stolen material included confidential information tied to customers such as Apple, Intel, Google, Nvidia, and AMD.
Foxconn activates incident response and continuity measures
Following the attack, Foxconn said it immediately activated its cybersecurity response mechanisms and implemented measures to maintain production and delivery continuity. The company reported that affected facilities were working to resume or had begun resuming normal operations.
Foxconn North American factories hit by cyberattack
Foxconn said several of its North American factories were affected by a cyberattack. At a Wisconsin facility, the incident reportedly caused Wi-Fi and network outages, disrupted computer operations, and forced staff to switch to paper-based processes before some employees were sent home.
Nitrogen ransomware group first observed
Barracuda Networks and other researchers first observed the financially motivated Nitrogen threat group in 2023. The group was initially associated with malware delivery activity and later linked to ransomware derived from leaked Conti code.
DoppelPaymer ransomware hits Foxconn Americas operations
Foxconn said an information system supporting some Americas operations was attacked on 2020-11-29, affecting Foxconn CTBG MX / North America operations tied to Ciudad Juárez, Mexico. DoppelPaymer claimed it stole files before encrypting systems, demanded about $34.7 million in bitcoin, and Foxconn said it was restoring systems in phases while working with technical experts and law enforcement.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
9 references tracked. Mallory keeps watching after this page renders.
Foxconn factories resume operations after ransomware attack | brief | SC Media
scworld.com
Open sourceMajor tech manufacturer Foxconn confirms cyberattack hit North American factories | CyberScoop
cyberscoop.com
Open sourceNitrogen Ransomware claims massive data theft from Foxconn
securityaffairs.com
Open sourceHackers Claim 11M Files Stolen From Foxconn, Supplier to Apple and Nvidia
techrepublic.com
Open sourceFoxconn Confirms Cyberattack After Nitrogen Ransomware Gang Claim
cybersecuritynews.com
Open sourceRansomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia | TechCrunch
techcrunch.com
Open sourceFoxconn confirms cyberattack claimed by Nitrogen ransomware gang
bleepingcomputer.com
Open sourceFoxconn confirms cyberattack impacting North American factories | The Record from Recorded Future News
therecord.media
Open sourceFoxconn electronics giant hit by ransomware, $34 million ransom
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Nitrogen Claims Foxconn Wisconsin Breach Exposed 8TB of AI Manufacturing Data
Foxconn said operational IT issues disrupted its Mount Pleasant, Wisconsin campus, where workers reported a broad network outage affecting Wi‑Fi, core infrastructure, and timekeeping systems as production was gradually restored. The **Nitrogen** ransomware group later claimed responsibility on its extortion site, alleging it stole **8TB** of data spanning more than **11 million files** from the Racine County facility, including assembly instructions, hardware schematics, and data center topology diagrams tied to customers such as **Apple, Intel, Google, NVIDIA, and Dell**. Foxconn has not verified the authenticity of the leaked samples or disclosed any ransom demand, and reports said the incident may also have affected a Foxconn site in Houston. The claimed breach adds to a pattern of ransomware incidents affecting Foxconn manufacturing operations. In 2022, Foxconn confirmed a ransomware attack at its **Tijuana, Mexico** plant that disrupted production and was claimed by **LockBit**, with the company saying recovery was underway and overall business impact would be limited. That attack followed a 2020 intrusion at Foxconn’s **Ciudad Juárez** facility attributed to **DoppelPaymer**, underscoring repeated targeting of the company’s production sites and raising renewed supply-chain and industrial espionage concerns around its AI server and electronics manufacturing operations.
May 25, 2026
LockBit Claims 5TB Data Theft in Ransomware Attack on Foxsemicon
Foxsemicon Integrated Technology Inc. (FITI), a Taiwanese semiconductor parts manufacturer affiliated with Hon Hai Technology Group, said it was hit by a ransomware attack that defaced its website and displayed a threat to leak allegedly stolen data. The attackers, identified in reporting as the **LockBit** ransomware gang, claimed they had stolen and encrypted **5TB** of company data, including customer and employee personal information, and warned they would publish it on a darknet leak site if a ransom was not paid. Foxsemicon told the Taiwan Stock Exchange it restored its website the same day it detected the incident, brought in security experts, and did not expect a significant impact on operations. The company did not disclose any ransom demand and had not confirmed whether customer or employee data was actually exfiltrated, while parts of its website reportedly remained inaccessible and search results continued to show the attackers' message. The incident stood out because website defacement is considered unusual for LockBit, which more commonly pressures victims through its extortion portal.
May 25, 2026
RansomHub Claims Breach of Apple Supplier Luxshare With Alleged Leak of Engineering and Supply-Chain Data
Apple manufacturing partner **Luxshare Precision Industry** was reportedly hit by a ransomware incident involving data theft and extortion, with internal documents allegedly published to pressure payment. Reporting indicates the exposed materials include sensitive operational information tied to Luxshare’s role in Apple’s supply chain (e.g., production workflows, security procedures, and supply-chain protocols), raising concerns about downstream risk to Apple-related manufacturing and repair operations. *Help Net Security* reports the **RansomHub** ransomware-as-a-service operation claimed responsibility, alleging affiliates stole and encrypted data and posted proof on its leak site. The group claimed the stolen archives include **3D CAD models**, engineering design/documentation, **2D manufacturing drawings**, and **PCB design/manufacturing data**, and asserted the data set contains information related to multiple Luxshare customers (including Apple and other major technology/automotive firms); third-party researchers cited in the report said the leak appears to include confidential Apple-Luxshare repair and shipping project details, while Luxshare had not publicly confirmed the breach at the time of reporting.
Mar 21, 2026