Foxconn Confirms Nitrogen Ransomware Stole 8TB of Customer IP

Nitrogen ransomware hit Foxconn's North American factories, encrypting systems and stealing 8TB of files containing schematics from Apple, Intel, and Google.

    Foxconn, the world’s largest electronics contract manufacturer, formally confirmed Tuesday that the Nitrogen ransomware group struck its North American factories, encrypting systems and exfiltrating 8 terabytes of data comprising over 11 million files. Nitrogen claims the stolen material includes confidential product schematics and internal documents belonging to some of Foxconn’s largest customers: Intel, Apple, Google, Dell, and Nvidia. The confirmation follows Nitrogen’s public claim and a data listing posted to the group’s leak site, and comes as Foxconn said production at affected facilities is in the process of resuming.

    Nitrogen Ransomware’s Double-Extortion Attack on Foxconn’s North American Factories

    Nitrogen, which has been active since late 2024 and has struck dozens of organizations across the manufacturing, technology, and finance sectors, deployed a double-extortion model against Foxconn — encrypting production systems while simultaneously exfiltrating data that can be held as leverage for ransom payment. The group listed Foxconn’s data on their leak site after the company did not pay within the initial deadline period, a standard pressure tactic in modern ransomware operations that makes public disclosure of the breach an explicit threat rather than a by-product of the attack.

    Foxconn’s statement confirmed both the attack and the ongoing recovery: “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery.” The company indicated North American factory operations are currently resuming normal production. No ransom amount was disclosed, and Foxconn did not confirm whether any payment had been made or was under consideration.

    8TB of Apple, Intel, Google, and Nvidia Customer Schematics Claimed

    Nitrogen’s claim specifies 8 terabytes of data across more than 11 million files, with the stolen content described as confidential documents and product schematics from Foxconn’s customer relationships with Intel, Apple, Google, Dell, and Nvidia. If accurate, the stolen material represents intellectual property with significant competitive intelligence value independent of the ransomware event itself.

    Product schematics and manufacturing documentation held by a contract manufacturer carry details about component sourcing, assembly processes, product specifications, and design tolerances that the original equipment manufacturers treat as strictly confidential. This data would be of interest not only to ransomware operators seeking payment leverage but potentially to state actors or corporate intelligence operations seeking competitive advantage in the global electronics market. Foxconn has not confirmed the specific content of the stolen files beyond the general categories described in the Nitrogen claim.

    Foxconn’s Statement and Ongoing Production Recovery

    Foxconn framed its public response around operational continuity — confirming the attack had occurred while emphasizing that production measures were activated quickly. The company did not provide a timeline for when North American facilities would return to full operational capacity, nor did it detail which specific factory sites or production lines were affected.

    The attack is the most recent in a series of ransomware incidents affecting Foxconn and its related entities. Foxsemicon, a Foxconn subsidiary, was previously targeted by ransomware, and Foxconn itself faced ransomware incidents before the Nitrogen attack. The recurrence pattern suggests that the company’s production environment, spanning dozens of factory sites across multiple countries, presents a persistently attractive target for ransomware operators who calculate that manufacturing disruption creates urgent financial pressure to pay.

    Nitrogen’s Growing Targeting of High-Value Manufacturing Firms

    Nitrogen has operated since late 2024 with a focus on organizations where operational disruption translates directly into financial loss: manufacturing plants with time-sensitive production schedules, technology firms handling sensitive customer IP, and financial sector organizations where downtime affects transaction processing. The Foxconn attack fits this pattern.

    For Foxconn’s technology customers — whose confidential schematics may now be in Nitrogen’s possession — the downstream risk extends beyond Foxconn’s own operations. Companies whose product designs are among the claimed stolen data face their own decisions about disclosure, competitive exposure, and whether the affected schematics represent next-generation products not yet publicly announced.
