A ransomware group is claiming to have stolen 8 terabytes of data from Foxconn, Apple's biggest supplier and the world's largest electronics manufacturer. According to a report by Wired, the group has listed Foxconn on its breach site and is attempting to extort the company. It claims that the stolen data belonged to the company's major clients such as Apple, Google, Dell, and Nvidia. Foxconn has confirmed that some of its North American factories suffered a cyberattack in recent days, adding that affected facilities are now resuming normal production.
Who is behind the Foxconn cyber attack
As per the report, the group claiming responsibility for the Foxconn cyber attack is Nitrogen that first emerged in 2023. Not the most well-known ransomware actor, the group has been steadily active — with a notable spike in activity at the end of 2024. Researchers have also linked Nitrogen to the notorious ALPHV/BlackCat ransomware group, one of the more dangerous criminal networks in the cybersecurity world.
As mentioned above, Nitrogen listed Foxconn on its breach site on Monday. Beyond threatening to release stolen data, the group also typically deploys ransomware that encrypts a victim's systems, locking them out until a ransom is paid. However, researchers have flagged a significant flaw in Nitrogen's own encryption tool — a design bug that makes it impossible to decrypt data once locked, even if the attackers agree to do so.
Why Foxconn is a prime target
Foxconn is not just a large company — it is a critical link in the global electronics supply chain. It manufactures components and complete devices for some of the world's biggest tech brands, most notably Apple's iPhones. That makes it an especially attractive target for ransomware groups.
Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software, said Allan Liska, a threat intelligence analyst at security firm Recorded Future, to Wired. So it's unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world.
This is far from the first time Foxconn has been in a ransomware group's crosshairs. In December 2020, the DoppelPaymer group attacked a Foxconn facility in Mexico and demanded 1,804 Bitcoin — worth roughly $34 million then. In May 2022, the LockBit group hit another Mexican facility, disrupting production. Most recently, in 2024, LockBit attacked Foxsemicon Integrated Technology, a Foxconn subsidiary, defacing its systems and claiming a data breach.
The TOI Tech Desk is a dedicated team of journalists committed to delivering the latest and most relevant news from the world of technology to readers of The Times of India. TOI Tech Desk's news coverage spans a wide spectrum across gadget launches, gadget reviews, trends, in-depth analysis, exclusive reports and breaking stories that impact technology and the digital universe. Be it how-tos or the latest happenings in AI, cybersecurity, personal gadgets, platforms like WhatsApp, Instagram, Facebook and more; TOI Tech Desk brings the news with accuracy and authenticity.
