A ransomware group called Nitrogen is attempting to extort electronics manufacturing giant Foxconn, claiming to have stolen 8 terabytes of data from the company — including schematics and project details belonging to customers such as Apple, Dell, Google, and Nvidia. Foxconn acknowledged in May 2026 that some of its North American factories “suffered a cyberattack” in recent days, adding that “affected factories are currently resuming normal production” following outages. The company did not immediately respond to requests to confirm the validity of Nitrogen’s specific claims.
Nitrogen listed Foxconn on its breach site on Monday. The group, which emerged in 2023 and primarily targets organizations in North America and Western Europe, has recorded approximately 50 victims since launching, with a focus on manufacturing, technology, and retail sectors. Researchers also note connections between Nitrogen and the ALPHV/BlackCat ransomware group. Nitrogen’s ransomware code was built from repurposed “Conti 2” source code, and researchers have identified a design flaw in its encryption mechanism that makes it impossible to decrypt affected data — even if the attackers choose to cooperate.
Foxconn is a key manufacturing contractor for electronic components and complete devices, including Apple’s iPhones, and holds sensitive intellectual property for numerous global clients. “Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software,” said Allan Liska, a threat intelligence analyst at Recorded Future. “So it’s unsurprising that a company like Foxconn would be targeted, since it does manufacturing and holds sensitive data for so many companies around the world.”
This is not Foxconn’s first encounter with ransomware. In December 2020, the DoppelPaymer group attacked a Mexican facility and demanded 1,804 bitcoin — roughly $34 million at the time. LockBit struck another Mexican facility in May 2022, disrupting production, and attacked Foxconn subsidiary Foxsemicon Integrated Technology in 2024.
The incident underscores the risk facing large manufacturers that centralize sensitive customer data. The attack comes just days after extortion actors breached education technology firm Instructure, forcing it to shut down access to its Canvas platform and disrupting thousands of U.S. schools during finals week.
Source: WIRED