"Some of Foxconn's factories in North America suffered a cyberattack," a company spokesperson told BleepingComputer, confirming a claim posted by the Nitrogen ransomware operation that it had stolen a large trove of Foxconn data.
What Foxconn said and the operational impact
Foxconn, the world's largest electronics manufacturer with over 900,000 employees across more than 240 campuses in 24 countries and reported revenues of over $260 billion in 2025, acknowledged the incident in a written statement to BleepingComputer. The spokesperson said the company's cybersecurity team "immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery." According to that statement, the affected North American factories are "currently resuming normal production."
Nitrogen's claim: 8 TB and "more than 11 million documents"
The Nitrogen ransomware operation posted claims on its dark web leak site saying it had taken 8 TB of data and "more than 11 million documents" from Foxconn. Nitrogen further asserts the stolen files contain "confidential instructions, projects and drawings" belonging to a set of Foxconn customers named on the leak site: Apple, Intel, Google, Nvidia, AMD, and others.
Nitrogen's profile and a notable technical limitation
Nitrogen first surfaced in 2023 with a malware loader using the same name that deployed BlackCat/ALPHV ransomware payloads. The group later developed its own ransomware strain using leaked Conti 2 builder code. However, Coveware security researchers have reported a critical flaw in Nitrogen's ESXi-targeting malware: "a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them." That finding, if applicable to this incident, would affect the usability of any encrypted files—but the public record here only records Coveware's technical assessment about the malware family, not confirmation tied to this specific Foxconn intrusion.
Foxconn's recent ransomware history
This is not the first ransomware-related claim involving Foxconn and its subsidiaries. The LockBit gang claimed to have hit Foxconn subsidiary Foxsemicon in January 2024 and also claimed an attack on a Foxconn production plant in Tijuana, Mexico, in late May 2022. In December 2020, the DoppelPaymer operation claimed it hit Foxconn's CTBG MX facility in Ciudad Juárez and demanded $34 million after alleging it had stolen 100 GB of data, encrypted up to 1,400 servers, and destroyed 20 to 30 TB of backup data.
How Apple, Intel, Google, Nvidia, AMD, Foxconn operations, and security teams are likely to respond
- Apple, Intel, Google, Nvidia, AMD (named by Nitrogen): Each company named in Nitrogen's leak will be watching for verification of whether the alleged 8 TB and "more than 11 million documents" include their designs or "confidential instructions, projects and drawings" as claimed by the extortion group.
- Foxconn operations and North American factories: Foxconn's stated course—activating its response mechanism, implementing operational measures, and resuming production—frames immediate priorities as continuity of delivery and factory-level restoration.
- Security researchers and defenders: Given Coveware's public finding about a coding mistake that can irrevocably corrupt files, researchers and incident responders will be attentive to evidence about whether exfiltrated data is intact and whether any encrypted systems can be meaningfully recovered.
The episode fits into a string of publicly claimed intrusions affecting Foxconn and its affiliates over several years. Foxconn's confirmation that North American factories were attacked and are resuming production is the firm's only public operational update in the reporting to date; Nitrogen's claims about the volume and contents of stolen material and Coveware's technical critique of Nitrogen's ESXi malware remain the central, competing strands in the public record. The question left on the table is straightforward and consequential: can independent verification establish whether the 8 TB and "more than 11 million documents" include the customer materials Nitrogen lists?
