Foxconn Confirms Cyberattack on North American Plants as Nitrogen Ransomware Claims 8TB Data Theft

TL;DR: Foxconn confirmed a cyberattack disrupted several North American facilities after the Nitrogen ransomware group claimed to have exfiltrated roughly 8 terabytes of internal data. The manufacturer reports that affected plants are returning to normal operations while the incident is under investigation.

Foxconn, a major contract manufacturer for Apple, Dell, Google and Nvidia, operates dozens of plants across the United States and Mexico. The company said the attack impacted some of its North American sites, including locations in Wisconsin and Texas, where workers experienced network outages and disabled digital timecard systems. Foxconn’s security teams isolated the affected networks and began restoration efforts.

The Nitrogen ransomware group posted a claim on its leak site, stating it had taken approximately 8TB of Foxconn data, including project details, schematics and internal files. Researchers note that Nitrogen emerged around 2023 and shares code similarities with the ALPHV BlackCat and historic Conti ransomware families. Observed tactics likely involve spear‑phishing or exposed remote services for initial access, lateral movement via SMB and Windows admin tools, and data exfiltration before encryption—a pattern aligned with MITRE ATT&CK techniques T1566.001, T1021.002, T1059 and T1041.

Allan Liska of Recorded Future warned that ransomware actors are increasingly targeting victims that can disrupt supply chains, whether physical or software‑based. Foxconn’s role as a key supplier for multiple tech giants makes it a high‑value target for groups seeking both financial gain and leverage over downstream manufacturers.

The breach highlights the risk that a single manufacturing outage can ripple through global electronics production. While Foxconn has not disclosed any ransom demand or payment, the alleged data theft raises concerns about intellectual property exposure and potential regulatory scrutiny.

Mitigations: Organizations should enforce multi‑factor authentication on all remote access points, patch known vulnerabilities in VPN and edge devices (e.g., CVE‑2021-22893 for Pulse Secure, CVE‑2018-13379 for FortiOS), and segment operational technology networks from corporate IT. Deploying endpoint detection and response tools with behavioral analytics can help detect unusual data transfers, while maintaining offline, encrypted backups ensures recovery without paying a ransom. Regular tabletop exercises that simulate ransomware scenarios improve readiness and communication.

Watch for any further disclosures from Foxconn regarding data integrity, potential regulatory filings, and whether the Nitrogen group follows through on its threat to leak the claimed 8TB of data.