Skip to content

Major tech manufacturer Foxconn confirms cyberattack hit North American factories

Chimera readability score 78 out of 100, Expert reading level.

Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America.
Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site and said it stole 8 terabytes of data spanning more than 11 million files.
The threat group posted screenshots of some of the allegedly stolen data and claimed it compromised “confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects.”
Foxconn is famously known as the primary assembler of Apple iPhones. Apple and the other companies allegedly impacted by the attack did not respond to a request for comment.
A spokesperson for Foxconn confirmed some of its factories in North America suffered a cyberattack, and said its cybersecurity team immediately responded to the breach by implementing additional “measures to ensure the continuity of production and delivery.”
The spokesperson did not answer questions about when the attack occurred or what systems or data was impacted, but noted that “affected factories are currently resuming normal production” as of Tuesday.
Nitrogen was first observed in 2023, using ALPHV, one of the most prevalent ransomware variants at that time, Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center, told CyberScoop. The group started using stolen code from Conti, another formerly prolific ransomware variant, in 2024 to build its own custom attack tools to hit Windows and VMware server environments, she added.
The threat group has most recently focused on companies in the manufacturing and technology sectors. “However, the most recent cases of claims by Nitrogen do not include a working file listing on the leak site and include mostly older images of files,” Kaiser said. “This raises questions about whether Nitrogen is inflating data-theft claims in an attempt to pressure victims into paying higher ransoms.”
Foxconn hasn’t described the nature of the attack or confirmed the existence of a ransom demand.
Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, said Nitrogen follows a “consistent playbook, stealing data before encrypting systems so they have leverage on multiple fronts, combining operational disruption with the threat of sensitive information being exposed.”
The threat group’s tactics indicate it’s not opportunistic, but rather “operating with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment,” Valenzuela added.
Foxconn, also known as Hon Hai Precision Industry with headquarters in Taiwan, is among the world’s largest companies with $259 billion in revenue last year, the company said. Foxconn’s North American footprint includes multiple factories in Mexico, Wisconsin, Ohio, Texas, Virginia and Indiana.

Facts Only

* Foxconn confirmed that some of its North American factories suffered a cyberattack.
* The ransomware group Nitrogen claimed responsibility for the attack.
* Nitrogen claimed to have stolen 8 terabytes of data spanning more than 11 million files.
* The alleged stolen data included confidential instructions, projects, and drawings from Intel, Apple, Google, Dell, and Nvidia.
* Foxconn's cybersecurity team implemented measures to ensure production continuity.
* Affected factories are currently resuming normal production as of Tuesday.
* Nitrogen was first observed in 2023 using ALPHV.
* Nitrogen began using stolen code from Conti in 2024 to build custom attack tools for Windows and VMware server environments.
* Foxconn has factories in Mexico, Wisconsin, Ohio, Texas, Virginia, and Indiana.

Executive Summary

Foxconn, a major electronics manufacturer, confirmed that some of its factories in North America suffered a cyberattack. The threat group Nitrogen claimed responsibility for the attack, alleging they stole 8 terabytes of data spanning over 11 million files. The stolen data allegedly included confidential instructions, projects, and drawings from companies such as Intel, Apple, Google, and Nvidia. Foxconn's cybersecurity team responded by implementing measures to ensure production continuity, and affected factories are currently resuming normal operations. The threat group has shown an evolving pattern, starting with older ransomware variants and later using stolen code to target Windows and VMware environments. While Nitrogen claimed data theft, Foxconn did not confirm a ransom demand or specify the exact timeline or systems impacted.

Full Take

The narrative presents a dual reality: a massive claim of catastrophic data loss by a sophisticated threat actor and an operational response by the victim. The threat group's claims regarding the data theft—targeting high-profile technology firms—function as a powerful lever, designed to maximize pressure for ransom payment. The threat group’s tactics, as described by threat researchers, focus on combining operational disruption with the threat of information exposure, indicating a strategic playbook rather than opportunistic targeting. This pattern suggests that the primary goal is leverage, not merely financial gain, positioning the data theft as a method to force payment and secure future access. The framing of the incident relies on the public awareness of the stolen intellectual property (IP) to amplify the perceived damage and urgency. The ambiguity surrounding the exact timeline and systems impacted allows the threat actor to maintain plausible deniability while maximizing reputational damage. The focus shifts from the technical failure to a negotiation, which is a common manipulation strategy designed to bypass scrutiny of the attack's true scope and intent.

Sentinel — Human

Confidence

The text demonstrates the structural complexity and specific attribution typical of human-authored journalistic reporting, focusing on specific, named entities and specialized threat intelligence.

Signals Detected
low severity: Varied sentence structure and specific, non-uniform rhythm; quotes are integrated naturally rather than sequentially.
low severity: Presence of specific, non-generic names and direct attribution to named experts (Cynthia Kaiser, Ismael Valenzuela); the text maintains a specific, focused narrative tone.
low severity: The data flows logically from the event (Foxconn attack) to the perpetrators (Nitrogen), the specific targets (Apple, Intel), and then to the tactical analysis provided by experts. This is typical of investigative reporting.
low severity: References to specific threat groups (Nitrogen, ALPHV, Conti) and specific threat research figures are integrated contextually, suggesting reliance on verifiable, specialized sources rather than pure LLM confabulation.
Human Indicators
The text incorporates highly specific, named individuals (Cynthia Kaiser, Ismael Valenzuela) and references to specialized threat intelligence, which anchors the narrative in specialized human expertise.
The transition between reported facts and expert analysis feels organically developed, avoiding the mechanical structure often found in pure synthetic writing.