A ransomware group is attempting to extort the electronics manufacturing giant Foxconn, claiming that it stole 8 terabytes of data from the company, including schematics and project details from customers including Dell, Google, Apple, and Nvidia. Foxconn did not immediately respond to WIRED’s request for comment about the validity of the claims, but the company did acknowledge that some of its North American factories “suffered a cyberattack” in recent days, and that “affected factories are currently resuming normal production” after outages.
Foxconn is the type of target that is particularly appealing to ransomware and data extortion actors, because it is a massive company with divisions and subsidiaries around the world that hold not only its own intellectual property but that of its customers. The company is a key manufacturing contractor for electronic components or entire devices, including Apple’s iPhones.
“Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it’s physical or software,” says Allan Liska, a threat intelligence analyst at security firm Recorded Future. “So it’s unsurprising that a company like Foxconn would be targeted, as it does manufacturing and holds sensitive data for so many companies around the world.”
The attackers, known as the Nitrogen group, listed Foxconn on its breach site on Monday. Nitrogen, which emerged in 2023, isn’t the most high-profile or prolific ransomware actor, but it has been steadily active with some spikes, including at the end of 2024. The group, which typically targets victims in North America and Western Europe, also has connections to the notorious ALPHV/BlackCat ransomware group.
“Whereas experiences point out that Nitrogen has been lively since 2023, our first commentary of their exercise was in 2024, focusing on Management Panels USA,” says Ian Grey, vice chairman of intelligence on the safety firm Flashpoint. “We’ve got noticed roughly 50 victims since launching, primarily focusing on manufacturing, expertise, and retail. Manufacturing is among the most-targeted sectors for ransomware normally.”
The idea of Foxconn as a prime target is not just conceptual. The company has faced a number of extortion attempts, including a December 2020 attack on a Mexican facility in which the DoppelPaymer ransomware group memorably demanded 1,804 bitcoin (worth roughly $34 million at the time). The LockBit group hit another Foxconn facility in Mexico in May 2022 and disrupted production. Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims.
In addition to attempting to extort victims by threatening to release data stolen in an attack, Nitrogen also often deploys traditional ransomware that encrypts a target’s systems. Researchers say that the group’s ransomware program itself was built off of widely repurposed “Conti 2” code, but it has a problem. Nitrogen’s encrypting mechanism has a design flaw that makes it impossible to decrypt data once it has been encrypted, even if the attackers want to release a victim’s systems. It’s unclear if this is a factor in Foxconn’s incident response this week.
Ransomware and data extortion is an inveterate digital security problem, and attackers regularly repeat targets and stoop to new lows in carrying out large-scale disruptive attacks. Just last week, thousands of schools across the US were paralyzed amid finals and other year-end activities when the education tech firm Instructure shut down access to its Canvas platform following a breach perpetrated by extortion actors.
Updated at 6:15 pm ET, May 12, 2026, to include comment from Flashpoint’s Ian Gray.