Foxconn Attack Highlights Manufacturing's Cyber Crisis

Foxconn Attack Highlights Manufacturing's Cyber Crisis

Newsletter Sign-UpNewsletter Sign-UpCybersecurity TopicsRelated TopicsApplication SecurityCybersecurity CareersCloud SecurityCyber RiskCyberattacks & Data BreachesCybersecurity AnalyticsCybersecurity OperationsData PrivacyEndpoint SecurityICS/OT SecurityIdentity & Access Mgmt SecurityInsider ThreatsIoTMobile SecurityPerimeterPhysical SecurityRemote WorkforceThreat IntelligenceVulnerabilities & ThreatsRecent in Cybersecurity TopicsEndpoint SecurityChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsChina's Webworm Uses Discord, Microsoft Graphs to Hack EU GovernmentsbyAlexander CulafiMay 22, 20264 Min ReadApplication SecurityGitHub Confirms Breach, 4K Internal Repos StolenGitHub Confirms Breach, 4K Internal Repos StolenbyAlexander CulafiMay 20, 20263 Min ReadWorld Related TopicsDR GlobalMiddle East & AfricaAsia PacificLatin AmericaSee AllThe EdgeDR TechnologyEventsRelated TopicsUpcoming EventsPodcastsWebinarsSEE ALLResourcesRelated TopicsResource LibraryNewslettersPodcastsReportsVideosWebinarsWhite Papers Partner PerspectivesDark Reading Resource LibraryCyberattacks & Data BreachesCyber RiskThreat IntelligenceVulnerabilities & ThreatsNewsFoxconn Attack Highlights Manufacturing's Cyber CrisisA Nitrogen ransomware attack on Foxconn's North American facilities is one of 600 hits on manufacturers this year, as gangs increasingly target the sector for its low tolerance for downtime.Jai Vijayan,Contributing WriterMay 14, 20265 Min ReadSource: Tada Images via ShutterstockAn apparent ransomware attack on several of Foxconn's North American facilities is the latest reminder that manufacturing companies are among the most targeted in cybercrime, because of their central role in high-value supply chains and low-tolerance for downtime.Foxconn this week admitted that a cyberattack had affected operations at some of its North American facilities. In a brief statement to Dark Reading, the world's largest contract electronics manufacturer stopped short of describing the attack as a ransomware incident, and did not disclose the scope or the impact of the breach, but confirmed that a malicious actor was behind the incident.Nitrogen Ransomware Gang Claims Credit for Breach"Some of Foxconn's factories in North America suffered a cyberattack," said the company, whose clients include Apple, Nvidia, Amazon, Dell, Google, Huawei, Microsoft, Nintendo, Sony, and Xiaomi. "The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production."Related:Processes & Culture Top Reasons Behind Data BreachesEarlier this week, ransomware group Nitrogen claimed credit for the attack on its leak site, according to threat intelligence firm Hackmanac. The threat actor claimed it had exfiltrated more than 11 million files, amounting to some 8TBs of data, from Foxconn, Hackmanac said. The stolen data allegedly included "confidential instructions, internal project documentation, and technical drawings related to projects involving Intel, Apple, Google, Dell, Nvidia, and other companies," Hackmanac said.Sofia Scozzari, CEO and founder of Hackmanac, tells Dark Reading that the sample files that Nitrogen uploaded to its leak site allegedly included Foxconn financial records, engineering schematics, motherboard and PCB diagrams, server platform documentation, power distribution guidelines, thermal and liquid leakage sensor designs, I3C/I2C topology specifications, and manufacturing process documents. "The exposed materials also reference confidential technical documentation associated with JPMorgan Chase, Google, Intel, NVIDIA, AMD, ASPEED, Renesas, Hewlett Packard Enterprise, and Tencent," Scozzari says. At this stage, there is no confirmation that Foxconn paid a ransom, she says. "However, the company is still listed on the Nitrogen ransomware group's onion leak site, which suggests that either negotiations are ongoing, or the company has decided not to pay the ransom."Related:Windows Zero-Day Barrage Continues After Patch TuesdayManufacturers: A Prime Target for RansomwareIt's unclear how Nitrogen actors gained initial access to Foxconn. But previous investigations into Nitrogen-related campaigns have shown that the group uses SEO poisoning and fake software downloads to distribute malicious installers, often impersonating tools such as Advanced IP Scanner, AnyDesk, WinSCP, or Cisco AnyConnect, Scozzari says.The attack is one of hundreds that have targeted manufacturing companies in recent months. Data that Comparitech has compiled show as many as 600 ransomware attacks on manufacturing companies so far this year, with 55 of those victims confirming the incidents. For those with available data, median ransomware payments hover at $400,000, according to Comparitech.Rebecca Moody, head of data research at Comparitech, says manufacturers are a high-value target for ransomware groups because of the important role they play as suppliers to other companies, and also for the data they hold. With the attack on Foxconn, Nitrogen had two chances of receiving a ransom, she says: one for decrypting the systems, and the other for deleting stolen data belonging to Foxconn's clients."We have seen an influx of attacks on manufacturers over the last year or so, which may suggest they've been pinpointed by some gangs as an 'easier' and more lucrative target," Moody says. A number of gangs appear to have shifted their focus away from previous key targets, like healthcare, to focus on manufacturers. Related:Fuel Tank Breaches Expand Scope of Iran's Cyber OffensiveAttackers know that manufacturers can ill afford downtime, and are perhaps more likely to succumb to ransom payments to have key systems restored, especially when they are part of larger supply chains. "They may also deal with a number of different and high-profile clients — as Foxconn does — providing hackers with a central target to access data from multiple companies and hold this to ransom, too," Moody says. "This supply chain disruption/access to sensitive data from multiple companies also makes them a prime target for state-sponsored hackers — as we saw with Stryker recently," she adds.In a prepared comment, Ismael Valenzuela, Arctic Wolf’s vice president of labs threat research and intelligence, described Nitrogen's Foxconn attack as being different from its usual and highly consistent focus on smaller and medium sized firms tied to industrial operations and supply chains. "These are businesses that keep supply chains running but often lack the depth of security resources found in large enterprises, making them reliable and repeatable targets," he said. Nitrogen's victim profile also shows a clear targeting of shared vendors and common access points, such as managed service providers, remote access tools, or widely used software platforms that connect multiple companies, he added.Arctic Wolf's 2026 "Threat Report" revealed manufacturing to be the most heavily targeted sector for ransomware, with nearly 70% more victims than the next most targeted industry. The targeting reflects reflecting the focus of attackers on organizations where downtime directly halts revenue and production, according to the cybersecurity vendor.Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now!About the AuthorJai VijayanContributing WriterIllinois-based Jai Vijayan is a veteran, award-winning technology journalist with more than 25 years of experience covering cybersecurity. His information security reporting has explored everything from ransomware, nation-state threats, and identity security to AI risk, critical infrastructure protection, software supply chain security, cloud security and emerging enterprise technologies. Over the course of his career, Jai has written news stories, feature articles, survey reports, white papers, and e-books for enterprise and technology audiences. He has also moderated panel discussions and executive roundtables featuring CISOs, security researchers, and industry leaders. Jai previously served as senior editor at Computerworld, where he covered information security and data-privacy issues. His work has also appeared in CSO Online, InformationWeek, The Christian Science Monitor Passcode, The Economic Times, and other publications.His work has earned multiple industry honors, including a Joint ASBPE Excellence Award for Best Coverage of Government IT, and a Joint Jesse H. Neal Award for wireless LAN security coverage. Jai holds a Master’s degree in statistics from Bangalore University, and studied broadcasting and electronic communication at Marquette University in Milwaukee. See more from Jai VijayanWant more Dark Reading stories in your Google search results?Add Us NowMore InsightsIndustry ReportsHow Organizations Are Managing Incident ResponseHow Enterprises Are Developing Secure ApplicationsInside RSAC 2026: security leaders reveal the risks redefining your defense strategyHow Enterprises Are Harnessing Emerging Technologies in CybersecurityDitch the Data Center: Understanding Flexible Cloud Infrastructure Security ManagementAccess More ResearchWebinarsBuild vs. Buy: The Hidden Cost of Building Your Own AI Security StackDefending in the Shadow Era: When the CVE Feed Goes DarkBuilding SecOps That Make the Most of Every DollarAI-Powered Credential Security: Intelligence Without ExposureAI-Powered Cybersecurity for Resource-Constrained OrganizationsMore WebinarsEditor's ChoiceThreat IntelligenceFrom Stuxnet to ChatGPT: 20 News Events That Shaped CyberFr