Foxconn Confirms Ransomware Attack on North American Factories

Executive Summary

Taiwanese electronics manufacturing giant Foxconn confirmed a cyberattack affecting its North American factories, with the Nitrogen ransomware gang claiming responsibility and asserting they stole 8 terabytes of data. The incident, first reported by DysruptionHub, caused network outages at Foxconn's Wisconsin facility, forcing employees to revert to pen-and-paper workflows. Foxconn stated that affected factories are resuming normal production after its cybersecurity team activated response mechanisms. The Record (Recorded Future News) reported the confirmation.

Technical Analysis

Foxconn, the world's largest contract electronics manufacturer with $258.3 billion in 2025 revenue, disclosed the attack through a spokesperson who declined to specify the number of impacted facilities. The company operates factories in Wisconsin, Ohio, Texas, Virginia, Indiana, and multiple locations across Mexico. An employee at the Wisconsin site reported Wi-Fi issues beginning Friday, with computers rendered inoperable and staff sent home due to network outages, according to DysruptionHub.

The Nitrogen ransomware gang claimed the attack on Monday, alleging exfiltration of 8 terabytes of data comprising millions of files, including technical information from prominent tech firms. Foxconn manufactures products for Apple, Google, Microsoft, Cisco, and others, making the stolen data potentially highly sensitive.

Cybersecurity researchers at Barracuda Networks described Nitrogen as "a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023." The Nitrogen ransomware strain is believed to have been built using a builder derived from the now-defunct Conti ransomware, according to cybersecurity experts cited by The Record. This lineage gives Nitrogen access to Conti's proven encryption and extortion playbook.

Foxconn has been a recurring target for ransomware operations. LockBit attacked its semiconductor segment in 2024, targeted its Mexican manufacturing facilities in 2022, and another unnamed ransomware gang struck additional Mexican sites in 2020.

Mitigations & Recommendations

Organizations in the manufacturing and supply-chain sectors should treat this incident as a reminder that large contract manufacturers remain high-value targets for ransomware groups seeking to disrupt production and steal intellectual property. Defenders should monitor for Nitrogen ransomware indicators, including the use of Conti-derived encryption routines and typical post-exploitation tools. Foxconn has not released specific IOCs or technical details of the breach vector. Companies that share data with Foxconn should review access logs and consider rotating credentials for any shared systems or privileged accounts.