Ransomware gang claims theft of Apple files in Foxconn attack

MacThreat

A ransomware group known as Nitrogen has claimed responsibility for a cyberattack against Foxconn, a key contract manufacturer for Apple and other major technology firms, asserting the theft of eight terabytes of data including files related to Apple projects. The incident, which disrupted production at Foxconn’s Mount Pleasant, Wisconsin facility for roughly a week in early May, raises renewed questions about supply chain security for the world’s largest hardware vendors.

Attack Details and Operational Impact

Nitrogen, a group believed to have branched from leaked Conti 2 ransomware code and active since 2023, exfiltrated approximately 11 million files, according to reports from *The Register* and *Wired*. The stolen data reportedly includes confidential instructions, internal project documentation, and technical drawings related to projects involving Apple, Intel, Google, Dell, and Nvidia.

The cyberattack caused a network outage at Foxconn’s Wisconsin plant beginning May 1, with Wi-Fi cut off by 7 a.m. and disruptions spreading through core infrastructure by 11 a.m. Workers were ordered to shut down computers and revert to paper timesheets, while additional disruptions affected Foxconn facilities in Houston, Texas. A Foxconn spokesperson confirmed that the cybersecurity team activated response mechanisms and that affected factories are resuming normal production, though the company declined to specify which facilities were impacted.

Data Scope and Risk Assessment

Despite Nitrogen’s claims regarding Apple-specific files, analysts who reviewed sample data found limited direct risk to Apple’s unreleased products. The sample set appears to contain financial documents for the Houston facility, documentation for temperature sensors and board layouts, and network topology documentation for AMD, Intel, and Google projects—predominantly related to Foxconn’s electrical engineering team.

Apple famously enforces strict secrecy around unreleased products, and suppliers typically receive only the technical information required for their specific manufacturing role. However, analysts noted that the stolen network topology specs for Google and Intel represent the most significant concern, as they could be used to locate and exploit vulnerabilities in data centers.

Ransom Dynamics and Broader Supply Chain Implications

Nitrogen operates a double-extortion model, encrypting data and threatening to publish it. In a complicating factor for Foxconn, researchers at Coveware warned in February that a programming error prevents Nitrogen’s decryptor from recovering victims’ files, potentially rendering ransom payment futile.

This incident marks Foxconn’s third major ransomware attack in as many years, following LockBit incidents in 2022 and 2024, and a 2020 DoppelPaymer attack demanding 1,804 Bitcoin. The pattern underscores an uncomfortable reality for Apple and its customers: even when Apple’s own systems remain secure, its manufacturing partners remain attractive and vulnerable targets. Apple has not commented on the incident.

Originally reported by Cult of Mac. Adapted and republished with editorial context for MacThreat.
