A ransomware crew known as Nitrogen is trying to extort Foxconn, claiming it stole 8 terabytes of data — including schematics and project details tied to customers such as Dell, Google, Apple, and Nvidia. Foxconn has not validated the claims but acknowledged that some of its North American factories suffered a cyberattack in recent days and that affected plants are resuming normal production.

As one of the world's largest contract manufacturers, Foxconn is a natural target: it holds not only its own intellectual property but that of the many companies whose devices it builds, including Apple's iPhones. “Ransomware groups are increasingly targeting victims that can impact the supply chain,” noted Recorded Future's Allan Liska, calling the choice of such a manufacturer unsurprising.

Nitrogen, which listed Foxconn on its leak site, emerged in 2023 and has connections to the notorious ALPHV/BlackCat operation. Flashpoint's Ian Gray says the group has claimed roughly 50 victims, concentrated in manufacturing, technology, and retail. Its encryptor is built on widely repurposed “Conti 2” code but carries a design flaw that can make data impossible to decrypt — even if the attackers wanted to restore it.

This is far from Foxconn's first brush with extortion: DoppelPaymer hit a Mexican facility in December 2020 with a roughly $34 million demand, LockBit struck another Mexican plant in 2022, and the LockBit crew targeted subsidiary Foxsemicon in 2024. The incident lands amid a steady drumbeat of disruptive extortion, days after a breach at education-tech firm Instructure paralyzed Canvas access for thousands of U.S. schools.