Foxconn, the world’s largest electronics manufacturer, says some of its North American factories are now working to resume normal operations after a cyberattack.
The electronics giant has over 900,000 employees across over 240 campuses in 24 countries and reported revenues of over $260 billion in 2025. The company is ranked 28th in Fortune Global 500 and manufactures a wide range of electronic products for major tech companies worldwide, including Apple, Nvidia, Intel, and Google.
The incident was confirmed by a Foxconn spokesperson when BleepingComputer asked the company to confirm claims by the Nitrogen ransomware operation earlier this week that they had stolen 8 TB of data and more than 11 million documents.
“Some of Foxconn’s factories in North America suffered a cyberattack,” the company spokesperson told BleepingComputer in an emailed statement.
“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
Nitrogen also says on their dark web leak site that the stolen Foxconn files contain “confidential instructions, projects and drawings” from Apple, Intel, Google, Nvidia, AMD, and other Foxconn customers.
The threat actors behind the Nitrogen ransomware operation first surfaced in 2023 with a malware loader using the same name that deployed BlackCat/ALPHV ransomware payloads.
The cybercrime group later developed its own ransomware strain using leaked Conti 2 builder code. However, according to Coveware security researchers, “a coding mistake in the ESXi malware causes it to encrypt all the files with the wrong public key, irrevocably corrupting them.”
While Nitrogen ransomware isn’t the most active ransomware operation, it has slowly added dozens of victims to its leak site since 2024.
This isn’t the first time Foxconn has been hit by ransomware, with the LockBit ransomware gang claiming to have hit Foxconn subsidiary Foxsemicon in January 2024 and a Foxconn production plant in Tijuana, Mexico, in late May 2022.
In December 2020, the DoppelPaymer ransomware operation also claimed it hit Foxconn’s CTBG MX facility in Ciudad Juárez and demanded a $34 million ransom after allegedly stealing 100GB of data, encrypting up to 1,400 servers, and destroying 20 to 30TB of backup data.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
