Nitrogen Ransomware Gang Steals 8TB from Foxconn North American Factories

Foxconn, the world's largest contract electronics manufacturer, has confirmed that several of its North American factories were compromised by the Nitrogen ransomware gang, which claims to have stolen 8 terabytes of data spanning more than 11 million files.

The attack came to light when Nitrogen listed Foxconn on its Tor-based data leak site, posting screenshots as proof. Among the allegedly stolen material: confidential technical drawings, project files, and engineering schematics linked to major Foxconn clients including Apple, Intel, Google, Dell, and Nvidia.

What Foxconn Says

In a statement to SecurityWeek, Foxconn confirmed the incident: "The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production."

The company did not disclose which specific facilities were hit, how many employees were affected, or whether it received a ransom demand.

Who Is the Nitrogen Gang?

Nitrogen has been active since late 2024 and uses double-extortion tactics — encrypting systems while simultaneously threatening to publish stolen data unless a ransom is paid. The group currently lists several dozen victims on its leak site, concentrated in manufacturing, technology, and finance sectors.

Unlike opportunistic ransomware operations, Nitrogen focuses on high-value industrial and tech targets where sensitive intellectual property creates maximum leverage over the victim.

Why This Breach Is Different

Foxconn's role as the manufacturing backbone for much of Silicon Valley makes it an unusually lucrative target. A single successful breach at Foxconn can simultaneously expose proprietary designs, production schedules, and supply-chain details for dozens of the world's most valuable tech companies — all without hacking any of those companies directly.

This is not Foxconn's first ransomware encounter. A facility in Mexico was hit in 2021, and Foxsemicon — a Foxconn subsidiary — was targeted by a separate group in 2024. The pattern suggests persistent security gaps in large-scale contract manufacturing, where operational uptime routinely takes precedence over security hardening.

If Nitrogen's claims about Apple and Nvidia schematics are verified, the consequences could extend well beyond Foxconn — potentially exposing unreleased product designs and supply-chain strategies to competitors or state-sponsored actors. As first reported by SecurityWeek, Foxconn has not confirmed whether a ransom demand was issued or whether it intends to pay.