Foxconn Attack Highlights Manufacturing's Cyber Crisis TechTarget and Informa Tech’s Digital Business Combine.TechTarget and InformaTechTarget and Informa Tech’s Digital Business Combine.Together, we power an unparalleled network of 220+ online properties covering 10,000+ granular topics, serving an audience of 50+ million professionals with original, objective content from trusted sources. We help you gain critical insights and make more informed decisions across your business priorities.Dark Reading Resource LibraryBlack Hat NewsOmdia CybersecurityAdvertiseNewsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsApplication SecurityAttackers Weaponize RubyGems for Data Dead DropsAttackers Weaponize RubyGems for Data Dead DropsbyAlexander CulafiMay 13, 20264 Min ReadСloud SecurityLatAm Vibe Hackers Generate Custom Hacking Tools on the FlyLatAm Vibe Hackers Generate Custom Hacking Tools on the FlybyAlexander CulafiMay 13, 20265 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyberattacks & Data BreachesCyber RiskThreat IntelligenceVulnerabilities & ThreatsNewsFoxconn Attack Highlights Manufacturing's Cyber CrisisA Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.Jai Vijayan,Contributing WriterMay 14, 20265 Min ReadSource: Tada Images via ShutterstockAn apparent ransomware attack on several of Foxconn's North American facilities is the latest reminder that manufacturing companies are among the most targeted in cybercrime, because of their central role in high-value supply chains and low-tolerance for downtime.Foxconn this week admitted that a cyberattack had affected operations at some of its North American facilities. In a brief statement to Dark Reading, the world's largest contract electronics manufacturer stopped short of describing the attack as a ransomware incident, and did not disclose the scope or the impact of the breach, but confirmed that a malicious actor was behind the incident.Nitrogen Ransomware Gang Claims Credit for Breach"Some of Foxconn's factories in North America suffered a cyberattack," said the company, whose clients include Apple, Nvidia, Amazon, Dell, Google, Huawei, Microsoft, Nintendo, Sony, and Xiaomi. "The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production."Related:China's 'FamousSparrow' APT Nests in South Caucasus Energy FirmEarlier this week, ransomware group Nitrogen claimed credit for the attack on its leak site, according to threat intelligence firm Hackmanac. The threat actor claimed it had exfiltrated more than 11 million files, amounting to some 8TBs of data, from Foxconn, Hackmanac said. The stolen data allegedly included "confidential instructions, internal project documentation, and technical drawings related to projects involving Intel, Apple, Google, Dell, Nvidia, and other companies," Hackmanac said.Sofia Scozzari, CEO and founder of Hackmanac, tells Dark Reading that the sample files that Nitrogen uploaded to its leak site allegedly included Foxconn financial records, engineering schematics, motherboard and PCB diagrams, server platform documentation, power distribution guidelines, thermal and liquid leakage sensor designs, I3C/I2C topology specifications, and manufacturing process documents. "The exposed materials also reference confidential technical documentation associated with JPMorgan Chase, Google, Intel, NVIDIA, AMD, ASPEED, Renesas, Hewlett Packard Enterprise, and Tencent," Scozzari says. At this stage, there is no confirmation that Foxconn paid a ransom, she says. "However, the company is still listed on the Nitrogen ransomware group's onion leak site, which suggests that either negotiations are ongoing, or the company has decided not to pay the ransom."Related:Tech Can't Stop These Threats — Your People CanManufacturers: A Prime Target for RansomwareIt's unclear how Nitrogen actors gained initial access to Foxconn. But previous investigations into Nitrogen-related campaigns have shown that the group uses SEO poisoning and fake software downloads to distribute malicious installers, often impersonating tools such as Advanced IP Scanner, AnyDesk, WinSCP, or Cisco AnyConnect, Scozzari says.The attack is one of hundreds that have targeted manufacturing companies in recent months. Data that Comparitech has compiled show as many as 600 ransomware attacks on manufacturing companies so far this year, with 55 of those victims confirming the incidents. For those with available data, median ransomware payments hover at $400,000, according to Comparitech.Rebecca Moody, head of data research at Comparitech, says manufacturers are a high-value target for ransomware groups because of the important role they play as suppliers to other companies, and also for the data they hold. With the attack on Foxconn, Nitrogen had two chances of receiving a ransom, she says: one for decrypting the systems, and the other for deleting stolen data belonging to Foxconn's clients."We have seen an influx of attacks on manufacturers over the last year or so, which may suggest they've been pinpointed by some gangs as an 'easier' and more lucrative target," Moody says. A number of gangs appear to have shifted their focus away from previous key targets, like healthcare, to focus on manufacturers. Related:ShinyHunters Claims Second Attack Against InstructureAttackers know that manufacturers can ill afford downtime, and are perhaps more likely to succumb to ransom payments to have key systems restored, especially when they are part of larger supply chains. "They may also deal with a number of different and high-profile clients — as Foxconn does — providing hackers with a central target to access data from multiple companies and hold this to ransom, too," Moody says. "This supply chain disruption/access to sensitive data from multiple companies also makes them a prime target for state-sponsored hackers — as we saw with Stryker recently," she adds.In a prepared comment, Ismael Valenzuela, Arctic Wolf’s vice president of labs threat research and intelligence, described Nitrogen's Foxconn attack as being different from its usual and highly consistent focus on smaller and medium sized firms tied to industrial operations and supply chains. "These are businesses that keep supply chains running but often lack the depth of security resources found in large enterprises, making them reliable and repeatable targets," he said. Nitrogen's victim profile also shows a clear targeting of shared vendors and common access points, such as managed service providers, remote access tools, or widely used software platforms that connect multiple companies, he added.Arctic Wolf's 2026 "Threat Report" revealed manufacturing to be the most heavily targeted sector for ransomware, with nearly 70% more victims than the next most targeted industry. The targeting reflects reflecting the focus of attackers on organizations where downtime directly halts revenue and production, according to the cybersecurity vendor.Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!About the AuthorJai VijayanContributing WriterJai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.See more from Jai VijayanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security Management2025 State of MalwareAccess More ResearchWebinarsYour Guide to Securing AI Adoption in Your OrganizationWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspacePrompt Injection Is Just the Start: Securing LLMs in AI SystemsAnatomy of a Data Breach: What to Do if it Happens to YouMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberbyDark Reading Editorial TeamMay 6, 202631 Min ReadCyber RiskPhysical Cargo Theft Gets a Boost From CybercriminalsPhysical Cargo Theft Gets a Boost From CybercriminalsbyRobert LemosMay 4, 20265 Min ReadWant more Dark Reading stories in your Google search results?Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeRSAC 2026: key news & insightsAt RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much moreGet Your RecapWebinarsYour Guide to Securing AI Adoption in Your OrganizationTues, June 9, 2026 at 1pm ESTWhat is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?Wed, June 3, 2026 at 1pm ESTThe New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud WorkspaceWed, June 24,2026 at 1pm ESTPrompt Injection Is Just the Start: Securing LLMs in AI SystemsTues, May 26, 2026, at 1pm ESTAnatomy of a Data Breach: What to Do if it Happens to YouJune 18th, 2026 | 11:00am -5:00pm ET | Doors Open at 10:30am ETMore WebinarsBlack Hat USA | Mandalay Bay, Las VegasThe premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.GET YOUR PASSDiscover MoreBlack HatOmdiaWorking With UsAbout UsAdvertiseReprintsJoin UsNewsletter Sign-UpFollow UsCopyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466.Home|Cookie Policy|Privacy|Terms of UseYour Privacy Choices

A recent ransomware attack by the Nitrogen group on Foxconn's North American facilities highlights the extreme vulnerability of the manufacturing sector within global supply chains to cybercrime. This incident serves as one of several attacks this year targeting manufacturers, underscoring the sector's perilous position due to its low tolerance for operational downtime. Foxconn confirmed that a malicious actor was responsible for the incident, but initially refrained from disclosing the scope or impact, confirming only that the cybersecurity team enacted response measures to maintain production continuity.

The Nitrogen ransomware group claimed responsibility for the breach, alleging the exfiltration of over 11 million files amounting to approximately 8 terabytes of data from Foxconn. The stolen materials reportedly included confidential instructions, internal project documentation, and technical drawings related to projects involving major entities such as Intel, Apple, Google, Dell, Nvidia, and others. Furthermore, threat intelligence gathered by Hackmanac indicated that the leaked materials encompassed financial records, engineering schematics, motherboard and PCB diagrams, server platform documentation, power distribution guidelines, and various manufacturing process documents. The exposed materials also referenced confidential technical documentation associated with organizations like JPMorgan Chase, Tencent, and Hewlett Packard Enterprise, demonstrating the sensitive nature of the data held by these manufacturing hubs.

The investigation into the initial breach suggests that the threat actor, Nitrogen, utilizes deceptive methods to gain entry, often employing SEO poisoning and fake software downloads to distribute malicious installers that impersonate legitimate tools such as Advanced IP Scanner, AnyDesk, WinSCP, or Cisco AnyConnect. This tactic exploits vulnerabilities, demonstrating a reliance on social engineering and masquerading to access corporate networks.

The targeting of manufacturers is systemic, with data compiled by Comparitech indicating as many as 600 ransomware attacks on manufacturing companies in the current year, with 55 confirming the incidents. This focus stems from the critical role manufacturers play as suppliers and the substantial amounts of proprietary data they manage. Rebecca Moody of Comparitech posits that manufacturers represent a high-value target because their operations are essential to other companies, and they possess data concerning multiple high-profile clients, which attracts attackers looking for centralized targets. Furthermore, this supply chain disruption and access to sensitive, multi-client data makes manufacturers prime targets for state-sponsored hackers, as noted by Moody in relation to previous incidents.

Ismael Valenzuela, Vice President of Labs Threat Research and Intelligence at Arctic Wolf, characterized the Nitrogen attack as distinct from the group's usual focus on smaller entities, noting that the targets are businesses maintaining supply chains that often lack the deep security resources found in large enterprises. He further observed that Nitrogen frequently targets shared vendors and common access points, such as managed service providers or widely used software platforms that bridge multiple companies, indicating a strategy focused on exploiting systemic weaknesses across the ecosystem. This aligns with the cybersecurity vendor's report, which found that manufacturing is the most heavily targeted sector for ransomware, reflecting the attackers' focus on organizations where operational downtime immediately impedes revenue and production.