Foxconn Cyberattack: Ransomware Group Nitrogen Extorts Electronics Giant Over Alleged Data Breach
The incident highlights the growing risk to global supply chains as ransomware groups like Nitrogen, linked to ALPHV/BlackCat, target manufacturers holding critical customer intellectual property.
Ransomware group Nitrogen is currently attempting to extort electronics manufacturing giant Foxconn, alleging that it has stolen 8TB of data. The attackers claim this stolen material includes customer schematics and project details from major technology firms such as Dell, Google, Apple, and Nvidia. Foxconn has not immediately responded to requests for comment regarding the validity of these specific claims or the identity of the affected customers.
Despite the unverified nature of the data theft allegations, Foxconn has acknowledged that some of its North American factories suffered a cyberattack in recent days. The company stated that the affected factories are currently resuming normal production following the outages. However, the extent of any disruption to global operations beyond these acknowledged North American sites remains unconfirmed.
The incident underscores the strategic appeal of Foxconn to cybercriminals. As a key manufacturing contractor for electronic components and entire devices, including Apple's iPhones, the company holds both its own intellectual property and that of its clients. Allan Liska, a threat intelligence analyst at Recorded Future, noted that ransomware groups are increasingly targeting victims capable of impacting the supply chain, whether physical or software.
The attackers, who listed Foxconn on their breach site on Monday, have established links to the notorious ALPHV/BlackCat ransomware collective. Nitrogen, which emerged in 2023, is not the most prolific actor but has seen activity spikes recently. The group's ransomware programme is built on repurposed Conti 2 code, though it reportedly contains a design flaw that makes data decryption impossible once encrypted, even if the attackers wish to release the systems.
This attack adds to a history of extortion attempts targeting the company. Foxconn has faced previous incidents, including a December 2020 attack on a Mexican facility by the DoppelPaymer group and a May 2022 strike by the LockBit group. Most recently, the LockBit group attacked a Foxconn subsidiary, Foxsemicon Integrated Technology, in 2024.
The broader context of digital security threats remains acute. Just last week, the education technology firm Instructure shut down access to its Canvas platform for thousands of US schools following a breach by extortion actors. These events illustrate the persistent nature of ransomware and data extortion as a threat to critical infrastructure and corporate data.
