Foxconn, one of the world’s largest electronics manufacturers and a major supplier to Apple, has confirmed that a recent Foxconn cyberattack disrupted operations at several of its North American facilities. According to online reports, a ransomware group known as Nitrogen claimed responsibility for the incident and alleged that it stole massive amounts of company data.
The Nitrogen ransomware group claimed earlier this week that it exfiltrated more than eight terabytes of data from Foxconn systems. The group alleged that the stolen information included over 11 million files. Researchers also said the attackers claimed to possess schematics connected to several major technology companies that work with Foxconn.
While the Nitrogen ransomware operators made claims regarding the cyberattack on Foxconn, the company itself has not publicly confirmed whether any data was stolen, whether systems were encrypted, or whether a ransom demand was issued.
Company Activates Emergency Response Measures
In a statement addressing the Foxconn cyberattack, the company said its cybersecurity team responded immediately after detecting the incident.
“Some of Foxconn’s factories in North America suffered a cyberattack,” the company said, as reported by the DysruptionHub. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
The ransomware-related disruption reportedly affected operational systems at several facilities, although Foxconn did not identify which factories were impacted. The company operates more than 230 factories and offices across 24 countries, including major facilities in Wisconsin, Texas and other parts of the United States.
Wisconsin Facility Employees Report Network Outages
The cyberattack on Foxconn first became publicly noticeable after employees at one of the company’s Wisconsin facilities reported severe IT disruptions. An employee told DysruptionHub that workers began experiencing Wi-Fi issues on Friday, before being sent home due to widespread network outages.
According to the employee, computers stopped functioning properly, forcing staff members to complete certain tasks manually using paper and pen.
At the time, Foxconn confirmed only that it was experiencing technical issues and had activated emergency response mechanisms to address the situation. The company later stated that certain functions affected by the Foxconn cyberattack were gradually being restored.
Nitrogen Ransomware Group Publishes Data Theft Claims
The Nitrogen ransomware group publicly listed Foxconn on its leak site on Monday, May 11, only days after reports emerged regarding operational disruptions at Foxconn’s Wisconsin sites. The group claimed it possessed approximately 8 terabytes of data collected during the ransomware attack and shared sample images it described as evidence of the breach.
However, those claims remain unverified. DysruptionHub reported that it could not independently confirm whether the files posted by Nitrogen were authentic, whether data had actually been stolen, or whether the alleged leak was directly connected to the operational disruptions experienced at Foxconn facilities in Wisconsin.
Foxconn has not confirmed ransomware involvement, data theft, or the existence of a ransom demand. The company previously described the disruption as a technical issue affecting IT systems and said restoration efforts were underway.
Experts Link Nitrogen to Conti-Based Ransomware Builder
Cybersecurity experts have linked Nitrogen ransomware activity to tools and infrastructure associated with the now-defunct Conti ransomware operation. Researchers at Barracuda Networks described Nitrogen as “a sophisticated and financially motivated threat group that was first observed as a malware developer and operator in 2023.”
Experts believe the Nitrogen ransomware strain may have been created using a builder derived from the Conti ransomware codebase.
The growing sophistication of ransomware groups has raised concerns across the manufacturing sector, particularly among companies managing large-scale supply chains and sensitive operational infrastructure.
Foxconn Has Faced Multiple Ransomware Incidents
The latest Foxconn cyberattack is not the first time the company has faced threats from ransomware gangs. Foxconn has repeatedly been targeted by cybercriminal groups in recent years.
In 2024, the company’s semiconductor business reportedly suffered a ransomware attack carried out by the LockBit gang. Prior to that, Foxconn’s manufacturing facilities in Mexico were targeted in 2022 by the same cybercriminal group. Another ransomware attack also affected Foxconn operations in Mexico in 2020.
As the world’s largest contract electronics manufacturer, Foxconn produces hardware for companies including Apple, Google, Microsoft and Cisco. The company reported approximately $258.3 billion in revenue in 2025, highlighting the scale of its operations and the potential global impact of disruptions caused by ransomware attacks.
The Cyber Express has also reached out to the organization to learn more about this Foxconn cyberattack. We will update this post once we have more information on the attack or any new information from the company.
