Foxconn — Nitrogen ransomware attack on North American factories

Foxconn confirmed a ransomware attack on its US factories after Nitrogen claimed to have stolen 8TB of data across 11 million files, with material referencing Apple, Nvidia and Intel projects.

Target: Foxconn — Nitrogen ransomware attack on North American factories
Date public: 12 May 2026
Sector: Manufacturing
Attack type: Ransomware
Threat actor: Nitrogen
Severity: High
Region: Global (Taiwan-headquartered)

Foxconn confirmed on 12 May 2026 that its North American operations had been hit by a cyberattack, after the Nitrogen ransomware crew listed the company on its dark-web leak site on 11 May and claimed theft of approximately 8TB of data spanning more than 11 million files. In statements provided to The Register and BleepingComputer, a Foxconn spokesperson said its cybersecurity team had “activated the response mechanism” and that affected facilities were “resuming normal production”.

The disruption concentrated on two US sites: the Mount Pleasant, Wisconsin manufacturing complex and a Houston, Texas operational site. Local reporting points to network problems beginning on 1 May, with Wi-Fi cut and core plant infrastructure impaired by late morning, and manufacturing remaining degraded until around 12 May — an outage of roughly eleven days. Foxconn has not publicly characterised the intrusion vector, the lateral-movement chain, or whether encryption was deployed alongside the data theft.

Nitrogen’s leak-site post claims the stolen archive contains confidential instructions, internal project documentation, technical hardware drawings, circuit-board layouts, integrated-circuit documentation, temperature-sensor records, and financial files tied to the Houston facility. The group further alleges that materials inside the archive reference projects involving Apple, Intel, Google, Dell, Nvidia and AMD — Foxconn’s downstream OEM customer set. None of those companies has publicly confirmed exposure of their own engineering data. The provenance of the dump is currently a leak-site assertion, not an independently verified claim.

Nitrogen has been operational since 2023 and is widely assessed to belong to the post-Conti / leaked-Conti-2-builder lineage of ransomware brands, with some reporting linking the group’s code or tooling to the BlackCat/ALPHV ecosystem. The crew’s previous victims have skewed towards mid-market US manufacturing and healthcare; Foxconn would be one of its largest claimed compromises to date.

A deep-dive will follow once Foxconn issues a formal regulatory disclosure (the company is Taiwan-listed; US-customer downstream impact may yet drive 8-K filings from Apple, Nvidia or others), the OT-versus-IT scope of the eleven-day outage clarifies, and the leak-site dump can be independently characterised.
