Apple supplier Foxconn confirms ransomware attack affected North American factories

WIRED reports that Foxconn acknowledged that some of its North American factories “suffered a cyberattack” in recent days, after the ransomware group Nitrogen claimed to have stolen 8TB of data from the company. Here are the details.

Foxconn successfully attacked yet again

According to WIRED, a ransomware group known as Nitrogen claims to have stolen 8 TB of data from Foxconn, one of Apple’s main manufacturing partners for the iPhone and other devices.

WIRED says:

A ransomware group is attempting to extort the electronics manufacturing giant Foxconn, claiming that it stole 8 TB of data from the company, including schematics and project details from customers including Dell, Google, Apple, and Nvidia.

This is not the first ransomware incident involving Foxconn in recent years. In 2020, for instance, a Foxconn facility in Ciudad Juárez, Mexico, was hit by an attack that encrypted servers, stole data, and included a bitcoin demand worth roughly $34.6 million at the time.

While WIRED’s report doesn’t mention it directly, it appears that the affected plants this time around include its Mount Pleasant (WI) factory, according to The Cybersec Guru (via AppleInsider):

The outage first surfaced on Friday, May 1, when workers at the Mount Pleasant campus reported a full network collapse. By 7:00 AM, Wi-Fi was gone. By 11:00 AM, the disruption had spread through core plant infrastructure.

“We were told to turn off our computers and not log back in under any circumstances,” said one worker, who asked not to be identified. “The timecard terminals were dead. We were filling out paper timesheets just to track our hours.”

AppleInsider says that in addition to the Wisconsin plant, it appears that a Foxconn facility in Houston, Texas, was also affected.

The site also says that while Nitrogen has posted a set of sample files allegedly taken from Foxconn, Apple-related materials do not appear to be present in them:

It’s not clear if there are any files directly related to existing or future Apple projects. This ultimately doesn’t serve as much of a surprise, given that Foxconn’s Mount Pleasant facility primarily produces televisions and data servers rather than Apple devices.

This attack is the latest in a series of cyberattacks and extortion attempts involving Foxconn facilities in recent years. Here’s WIRED again:

The idea of Foxconn as a prime target is not just conceptual. The company has faced a number of extortion attempts, including a December 2020 attack on a Mexican facility in which the DoppelPaymer ransomware group memorably demanded 1,804 Bitcoin (worth roughly $34 million at the time). The LockBit group hit another Foxconn facility in Mexico in May 2022 and disrupted production. Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims.

Foxconn, for its part, has not confirmed the scope of the incident, but told WIRED that the affected factories are “currently resuming normal production.”

Worth checking out on Amazon

• David Pogue – ’Apple: The First 50 Years’
• MacBook Neo
• Logitech MX Master 4
• AirPods Pro 3
• AirTag (2nd Generation) – 4 Pack
• Apple Watch Series 11
• Wireless CarPlay adapter