Foxconn confirms cyberattack on North American factories amid Nitrogen ransomware claims

Foxconn, the Taiwanese electronics manufacturing giant and the world’s largest contract manufacturer, confirmed that several of its North American factories were affected by a cyberattack that disrupted operations and prompted an emergency cybersecurity response.

The incident emerged after the Nitrogen ransomware group added Foxconn to its Tor-based data leak site on March 12, claiming responsibility for the breach and alleging it had stolen approximately 8TB of internal data comprising more than 11 million files.

Foxconn said its cybersecurity team immediately activated response protocols and implemented operational measures aimed at maintaining production and delivery continuity. The company stated that the affected factories were in the process of resuming normal operations.

Nitrogen claimed the stolen information includes confidential documents, internal instructions, technical drawings and project-related files connected to major technology companies including Intel, Apple, Google, Dell and Nvidia. The ransomware group also published screenshots of alleged internal documents as proof of the intrusion.

Foxconn did not confirm whether customer information or partner-related project files were compromised during the attack.

Foxconn manufactures electronics and components for major global technology companies, including smartphones, computers, gaming consoles and networking equipment. The company operates an extensive international manufacturing network that plays a critical role in global technology supply chains.

The Nitrogen ransomware operation has been active since 2023 and is believed to be linked to ransomware variants developed from leaked Conti ransomware source code. Security researchers previously identified operational flaws in some versions of Nitrogen’s malware, including issues affecting decryption tools used in attacks targeting VMware ESXi systems.

The attack marks the latest cybersecurity incident involving Foxconn and its subsidiaries. In 2024, the LockBit ransomware group claimed responsibility for an attack on Foxsemicon Integrated Technology, a semiconductor equipment manufacturer within the Foxconn Technology Group. In 2022, LockBit also claimed an attack on a Foxconn subsidiary in Mexico that disrupted production operations.

Foxconn previously faced another major ransomware incident in 2020 when the DoppelPaymer ransomware group targeted its plant in Ciudad Juárez, Chihuahua, and demanded a $34 million ransom.