
Foxconn Disrupted by Nitrogen Ransomware Attack


“8 terabytes of data spanning more than 11 million files,” Nitrogen wrote on its leak site, claiming a haul large enough to rattle suppliers and customers across the consumer-tech supply chain.

Nitrogen’s claim: scope, screenshots, and named targets

The ransomware group Nitrogen posted screenshots on its data leak site and said it stole “8 terabytes of data spanning more than 11 million files,” including “confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects,” according to the group’s public claim. The post included images the group says are from the alleged haul, but, as outside analysts noted, the screenshots “do not include a working file listing on the leak site and include mostly older images of files,” a pattern that has raised questions about the currency and completeness of the materials displayed.

Foxconn confirms disruption at North American factories

A spokesperson for Foxconn, also known as Hon Hai Precision Industry, confirmed that “some of its factories in North America suffered a cyberattack” and said the company’s cybersecurity team “immediately responded to the breach by implementing additional measures to ensure the continuity of production and delivery.” The spokesperson did not specify when the attack occurred or which systems or data were impacted, but said that “affected factories are currently resuming normal production” as of Tuesday.

Foxconn, which reported $259 billion in revenue last year and is famously known as the primary assembler of Apple iPhones, operates North American factories in Mexico, Wisconsin, Ohio, Texas, Virginia and Indiana. The company has not described whether a ransom demand was made.

Technical profile cited by researchers: ALPHV, Conti code, Windows and VMware

Security researchers cited in reporting trace Nitrogen’s evolution. Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center, told CyberScoop that Nitrogen was first observed in 2023 using ALPHV, “one of the most prevalent ransomware variants” at that time. In 2024, Kaiser said, the group began using stolen code from Conti to build custom tools aimed at Windows and VMware server environments.

Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, said Nitrogen follows a “consistent playbook, stealing data before encrypting systems so they have leverage on multiple fronts, combining operational disruption with the threat of sensitive information being exposed.” Valenzuela added the group’s tactics indicate it is not opportunistic but “operating with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment.”

Companies named by Nitrogen and their response

Alongside Foxconn’s confirmation, Nitrogen’s post named major vendors — Intel, Apple, Google, Dell, and Nvidia — as sources of stolen projects and drawings. CyberScoop reported that Apple and the other companies allegedly impacted “did not respond to a request for comment.” Foxconn likewise did not answer questions about timing or specific systems affected, leaving public confirmation focused on production continuity rather than technical detail.

How technologists, regulators, and customers are likely to react

  • Technologists and security teams: Will examine evidence posted by Nitrogen and audit Windows and VMware servers, given researcher notes that the group rebuilt tools from ALPHV and Conti code. They will also monitor Foxconn’s statements about resumed production for indications of lingering operational or data integrity issues.
  • Policymakers and regulators: May press for clarity on the nature of the breach and whether sensitive customer or supplier designs were exposed, particularly because the companies named by Nitrogen are major hardware and chip vendors. The lack of detail about timing, scope, and ransom status will likely prompt requests for fuller incident reports from Foxconn.
  • Affected enterprises and procurement leaders: Customers that rely on Foxconn’s North American footprint — factories in Mexico, Wisconsin, Ohio, Texas, Virginia and Indiana — will track production-resumption reports and inquire about supply-chain and IP exposure risks tied to the alleged data theft.

The public record released so far lays out an aggressive claim by a named ransomware group and a restrained confirmation from a manufacturer with large, geographically dispersed operations. What remains unsettled in the facts provided: the timing of the intrusion, precise systems or data types impacted, whether a ransom was sought, and whether the images on Nitrogen’s site represent current, complete exfiltration.

For now, the central concrete developments are Nitrogen’s public accusation — and Foxconn’s confirmation that North American factories were impacted but are “resuming normal production” as of Tuesday. Those two facts leave customers and investigators to weigh the credibility of the posted evidence against the company’s operational assurances.

Source: CyberScoop — Major tech manufacturer Foxconn confirms cyberattack hit North American factories