Foxconn has confirmed that several of its North American factories were hit by a cyberattack, after the Nitrogen ransomware group claimed to have stolen 8TB of data comprising more than 11 million files.
According to the threat actor, the data allegedly obtained includes private directives, project details, technical drawings, and related project documents pertaining to companies such as Intel, Apple, Google, Dell, and Nvidia. These claims have not yet been independently verified.
In a statement shared with media outlets, Foxconn acknowledged the breach and confirmed that attackers had stolen 8TB of data and more than 11 million documents.
Some of the company’s factories in North America suffered an attack. The security team instantly activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery.
Foxconn added that the affected factories are currently resuming normal production.
The incident was first observed on 11 May and remains under investigation.
Though Foxconn maintained that its production continuity plans were implemented in a very short time frame, the magnitude of the data breach could raise concerns within the global technology supply chain given Foxconn’s status as a key manufacturer for many large technology companies.
Undoubtedly a blow to Foxconn
Josh Marpet, Senior Product Security Consultant at Finite State, commented: “While this is undoubtedly a blow to Foxconn, the damage this could cause to the general public is immensely greater. Fake iPhones, fake laptops, fake merchandise of any kind, with sub-standard build quality, is not going to do the original corporate reputations any good. Plus, with the firmware and code running around, we’ve got an issue where any flaws in that firmware and software will be exploited quickly. Product security becomes an absolute mandate in this scenario.”
Luckily, Marpet said there are fantastic product security companies who can help the original manufacturers. “Let’s see who uses them.”
Long-term architectural risk
Damon Small, Board of Directors at Xcape Inc, added: “The Foxconn breach moves the ransomware conversation from operational disruption to long-term architectural risk. While factory floors are restarting, the alleged theft of 8TB of data – specifically hardware schematics and network topologies for major clients like Intel and Google – represents a generational threat to the supply chain.”
Small said this isn’t just about stolen IP; it’s about providing adversaries with a detailed roadmap of the physical and logical infrastructure that underpins global AI and data center operations.
He offered some takeaways:
- Architectural Risk > Operational Downtime: The real danger isn’t the temporary production pause at the Wisconsin facility, but the exfiltration of network topology maps. Stolen blueprints for server processors and data center layouts allow threat actors to pre-stage “living-off-the-land” attacks against the hardware itself.
- The “Conti” Connection and Ransom Futility: Nitrogen’s lineage traces back to leaked Conti source code, but with a critical flaw – their current ESXi encryptor often corrupts the master public key. Paying the ransom is a fool’s errand; the data is likely unrecoverable via their tools, making this a pure data-theft extortion play.
- Secondary Supply Chain Exposure: Major partners like Nvidia and Apple must now treat their Foxconn-facing interfaces as compromised. If schematics for integrated circuits and board layouts are in the wild, the window for discovering zero-day hardware vulnerabilities or developing highly accurate counterfeit components has just swung wide open.
“Somewhere in Cupertino and Santa Clara, a lot of highly paid engineers just realized that their ‘secure’ hardware design cycle now includes a mandatory peer review by a ransomware gang,” Small ended.
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.


