Foxconn Confirms Cyberattack on North American Factories
Foxconn, one of the world's largest electronics manufacturers, has confirmed that it suffered a cyberattack that disrupted some of its factories in North America. The Nitrogen ransomware group has claimed responsibility for the attack, stating that it stole 8 terabytes of data spanning over 11 million files.
The threat group posted screenshots of some of the allegedly stolen data, which included confidential instructions, projects, and drawings from major tech companies such as Intel, Apple, Google, Dell, and Nvidia. However, these companies did not respond to requests for comment on the matter.
Response to the Attack
A spokesperson for Foxconn confirmed that some of its factories in North America were affected by the cyberattack and stated that the company's cybersecurity team immediately responded to the breach by implementing additional measures to ensure the continuity of production and delivery. The affected factories have since resumed normal production as of Tuesday.
However, the spokesperson did not provide further details on when the attack occurred or what systems or data were impacted. The nature of the attack and whether a ransom demand was made also remain unclear.
Nitrogen Ransomware Group
The Nitrogen ransomware group was first observed in 2023, using the ALPHV ransomware variant. According to Cynthia Kaiser, senior vice president at Halcyon's Ransomware Research Center, the group started using stolen code from Conti, another formerly prolific ransomware variant, in 2024 to build its own custom attack tools to target Windows and VMware server environments.
Kaiser noted that Nitrogen has recently focused on companies in the manufacturing and technology sectors. However, she also raised questions about the group's claims of data theft, stating that the most recent cases of claims by Nitrogen do not include a working file listing on the leak site and include mostly older images of files. This has led to speculation that Nitrogen may be inflating its data-theft claims to pressure victims into paying higher ransoms.
Tactics and Motivations
Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, stated that Nitrogen follows a consistent playbook, stealing data before encrypting systems to gain leverage on multiple fronts. The group's tactics indicate that it is not opportunistic, but rather operates with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment.
Valenzuela's comments suggest that Nitrogen's motivations are likely financial, with the group seeking to extort money from its victims in exchange for restoring access to their data and systems.
About Foxconn
Foxconn, also known as Hon Hai Precision Industry, is one of the world's largest companies, with $259 billion in revenue last year. The company has a significant presence in North America, with multiple factories in Mexico, Wisconsin, Ohio, Texas, Virginia, and Indiana.
The cyberattack on Foxconn's North American factories highlights the ongoing threat of ransomware to businesses and organizations around the world. As the use of technology continues to grow and evolve, companies must remain vigilant and proactive in protecting themselves against these types of threats.
Source: CyberScoop