
Foxconn Confirms Cyberattack

The global electronics manufacturer had 8TB of data stolen, including financial records and design schematics.


Global electronics manufacturer Foxconn has confirmed a cyberattack affecting several North American factories earlier this week. The ransomware group Nitrogen claimed it stole 8TB of data comprising more than 11 million files.

The stolen data reportedly included confidential project documentation, technical drawings, hardware schematics, component information, financial documents and internal instructions tied to major Foxconn customers, including Apple, Nvidia, Intel, AMD, Google, Dell and others.

Sofia Scozzari, CEO and founder of Hackmanac, told Dark Reading that the sample files also included motherboard and PCB diagrams, server platform documentation, power distribution guidelines, thermal and liquid leakage sensor designs, I3C/I2C topology specifications, and manufacturing process documents. 

Foxconn has stated that their facilities have resumed normal operations, but did not comment on whether or not a ransom was paid. Additionally, no dollar amounts have been released by Nitrogen. The group first appeared in 2023, using a malware platform mirroring that used by BlackCat. 

It's thought that the group later developed its own strain of ransomware, but with a vital flaw that makes decryption inconsistent for both the victim and the attacker. The group has been growing its reach selectively, hitting targets primarily in the U.S. Foxconn is easily its largest victim to date.

Experts are concerned with two primary areas of potential fallout from the attack. First, leaked technical information could assist counterfeiters in producing less expensive, less reliable knock-off devices. Secondly, this information could help other hackers identify vulnerabilities in either the hardware or firmware of the devices and their supply chains.

A number of industry stakeholders offered their thoughts:

Josh Marpet, Senior Product Security Consultant, Finite State: "While this is undoubtedly a blow to Foxconn, the damage this could cause to the general public is immensely greater. Fake iPhones, fake laptops, fake merchandise of any kind, with sub-standard build quality, is not going to do the original corporate reputations any good.

"Plus, with the firmware and code running around, we've got an issue where any flaws in that firmware and software will be exploited quickly. Product security becomes an absolute mandate in this scenario. Luckily, there are fantastic product security companies who can help the original manufacturers. Let's see who uses them."

Damon Small, Board of Directors, Xcape, Inc.: "The Foxconn breach moves the ransomware conversation from operational disruption to long-term architectural risk. While factory floors are restarting, the alleged theft of 8TB of data— specifically hardware schematics and network topologies for major clients like Intel and Google—represents a generational threat to the supply chain. 

"This isn't just about stolen IP; it's about providing adversaries with a detailed roadmap of the physical and logical infrastructure that underpins global AI and data center operations. Critical takeaways include:

  • Architectural Risk > Operational Downtime: The real danger isn't the temporary production pause at the Wisconsin facility, but the exfiltration of network topology maps. Stolen blueprints for server processors and data center layouts allow threat actors to pre-stage 'living-off-the-land' attacks against the hardware itself.
  • The "Conti" Connection and Ransom Futility: Nitrogen’s lineage traces back to leaked Conti source code, but with a critical flaw - their current ESXi encryptor often corrupts the master public key. Paying the ransom is a fool’s errand; the data is likely unrecoverable via their tools, making this a pure data-theft extortion play.
  • Secondary Supply Chain Exposure: Major partners like Nvidia and Apple must now treat their Foxconn-facing interfaces as compromised. If schematics for integrated circuits and board layouts are in the wild, the window for discovering zero-day hardware vulnerabilities or developing highly accurate counterfeit components has just swung wide open.

"Somewhere in Cupertino and Santa Clara, a lot of highly paid engineers just realized that their 'secure' hardware design cycle now includes a mandatory peer review by a ransomware gang."

Rebecca Moody, Head of Data Research at Comparitech: "This attack highlights why manufacturers remain a key target for ransomware groups. Through this attack, Nitrogen not only caused disruption to certain Foxconn systems, but also stole vast quantities of data (if the allegations of 8TB of data theft are true). Therefore, Nitrogen has two chances of receiving a ransom: one for decrypting the systems and the other for deleting said stolen data.

"Manufacturers might not always be in possession of vast quantities of personal data but they'll often have data that, if leaked, could have a significant impact on their operations and/or clients. The fact that Foxconn works with such high-profile brands only works to add pressure to the company to pay the ransom to prevent said data from being published."
