iPhone's contract manufacturer Foxconn hit by ransomware attack; and targets reportedly include Nvidia, Dell and Apple
A ransomware group is claiming to have stolen 8 terabytes of data from Foxconn, Apple’s biggest supplier and the world's largest electronics manufacturer. According to a report by Wired, the group has listed Foxconn on its breach site and is attempting to extort the company. It claims that the stolen data belonged to the company’s major clients such as Apple, Google, Dell, and Nvidia. Foxconn has confirmed that some of its North American factories suffered a cyberattack in recent days, adding that affected facilities are now resuming normal production.
Who is behind the Foxconn cyber attack
As per the report, the group claiming responsibility for the Foxconn cyber attack is Nitrogen that first emerged in 2023. Not the most well-known ransomware actor, the group has been steadily active — with a notable spike in activity at the end of 2024. Researchers have also linked Nitrogen to the notorious ALPHV/BlackCat ransomware group, one of the more dangerous criminal networks in the cybersecurity world.
As mentioned above, Nitrogen listed Foxconn on its breach site on Monday. Beyond threatening to release stolen data, the group also typically deploys ransomware that encrypts a victim's systems, locking them out until a ransom is paid. However, researchers have flagged a significant flaw in Nitrogen's own encryption tool — a design bug that makes it impossible to decrypt data once locked, even if the attackers agree to do so.
Why Foxconn a prime target
Foxconn is not just a large company — it is a critical link in the global electronics supply chain. It manufactures components and complete devices for some of the world's biggest tech brands, most notably Apple's iPhones. That makes it an especially attractive target for ransomware groups.
"Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software," Allan Liska, a threat intelligence analyst at security firm Recorded Future, told Wired. "So it's unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world."
This is far from the first time Foxconn has been in a ransomware group's crosshairs. In December 2020, the DoppelPaymer group attacked a Foxconn facility in Mexico and demanded 1,804 Bitcoin — worth roughly $34 million then. In May 2022, the LockBit group hit another Mexican facility, disrupting production. Most recently, in 2024, LockBit attacked Foxsemicon Integrated Technology, a Foxconn subsidiary, defacing its systems and claiming a data breach.
Who is behind the Foxconn cyber attack
As per the report, the group claiming responsibility for the Foxconn cyber attack is Nitrogen that first emerged in 2023. Not the most well-known ransomware actor, the group has been steadily active — with a notable spike in activity at the end of 2024. Researchers have also linked Nitrogen to the notorious ALPHV/BlackCat ransomware group, one of the more dangerous criminal networks in the cybersecurity world.
As mentioned above, Nitrogen listed Foxconn on its breach site on Monday. Beyond threatening to release stolen data, the group also typically deploys ransomware that encrypts a victim's systems, locking them out until a ransom is paid. However, researchers have flagged a significant flaw in Nitrogen's own encryption tool — a design bug that makes it impossible to decrypt data once locked, even if the attackers agree to do so.
Why Foxconn a prime target
Foxconn is not just a large company — it is a critical link in the global electronics supply chain. It manufactures components and complete devices for some of the world's biggest tech brands, most notably Apple's iPhones. That makes it an especially attractive target for ransomware groups.
"Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software," Allan Liska, a threat intelligence analyst at security firm Recorded Future, told Wired. "So it's unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world."
This is far from the first time Foxconn has been in a ransomware group's crosshairs. In December 2020, the DoppelPaymer group attacked a Foxconn facility in Mexico and demanded 1,804 Bitcoin — worth roughly $34 million then. In May 2022, the LockBit group hit another Mexican facility, disrupting production. Most recently, in 2024, LockBit attacked Foxsemicon Integrated Technology, a Foxconn subsidiary, defacing its systems and claiming a data breach.
Next Story