What happened
Foxconn, the world’s largest contract electronics manufacturer, confirmed that a cyberattack affected several of its North American factories, causing production disruptions before recovery measures were implemented. The company declined to specify how many facilities were impacted. Factories in Wisconsin, Ohio, Texas, Virginia, Indiana, and several locations across Mexico were potentially affected given Foxconn’s North American footprint.
An employee at the Wisconsin facility reported Wi-Fi outages beginning Friday, with workers sent home due to network failures and forced to revert to paper-based processes. The Nitrogen ransomware gang claimed responsibility on Monday, asserting it stole 8 terabytes of data and millions of files including technical information connected to several prominent technology companies. Foxconn has not confirmed the ransomware characterization or the claimed data theft.
Foxconn stated its cybersecurity team activated response mechanisms and implemented operational measures to maintain production and delivery continuity, with affected factories currently resuming normal operations. The company reported $258.3 billion in revenue in 2025 and manufactures products for Apple, Google, Microsoft, Cisco, and others. This is the fourth documented ransomware incident targeting Foxconn or its subsidiaries since 2020, following attacks on Mexican facilities in 2020 and 2022 and a LockBit attack on its semiconductor segment in 2024. The Nitrogen ransomware strain is assessed by researchers to have been built using a builder derived from the now-defunct Conti ransomware and has been active as a financially motivated threat group since 2023.
Who is affected
Foxconn’s North American manufacturing operations and their workforces faced direct operational disruption. The claimed theft of technical information connected to major technology clients raises potential supply chain exposure concerns for companies whose product manufacturing runs through Foxconn facilities, though no client has confirmed data impact at this stage.
Why CISOs should care
Foxconn’s repeated targeting by ransomware groups across multiple subsidiaries and geographies over five years illustrates that large-scale contract manufacturers are a persistent and high-value target category. The operational impact here went beyond data theft to physical production disruption, with employees unable to work and facilities reverting to manual processes. For security leaders at organizations with Foxconn in their manufacturing supply chain, the claimed theft of technical product information is the most relevant concern pending further disclosure.
The Nitrogen ransomware’s Conti-derived lineage also places it within a well-documented family of sophisticated ransomware tooling with established double-extortion capabilities.
3 practical actions
- Assess your organization’s manufacturing supply chain exposure to the Foxconn incident: If your organization manufactures products through Foxconn facilities, initiate contact with your account representatives to determine whether your product specifications, designs, or technical data were within the scope of the claimed 8TB theft, and treat that data as potentially compromised until confirmed otherwise.
- Review third-party manufacturer security requirements in your supply chain contracts: Foxconn’s repeated ransomware incidents across multiple facilities and years suggest that contractual security requirements and audit rights for major manufacturing partners deserve the same scrutiny applied to software and cloud vendors. Assess whether your contracts include security baseline requirements, breach notification obligations, and audit rights.
- Monitor Nitrogen ransomware indicators and threat intelligence for client data disclosures: The claimed theft includes technical information from multiple technology firms. Track Nitrogen’s leak site and threat intelligence feeds for any disclosures of data connected to your organization or its products, and prepare a response framework for the scenario where proprietary technical information is published.
John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business. He produces editorial content across multiple industries, including executive-focused security media, translating complex technical topics into clear, authoritative copy for professional audiences.