Foxconn has confirmed a major cyberattack on several of its U.S. factories following claims by the Nitrogen ransomware group that it stole 8TB of confidential data. The stolen cache allegedly includes unreleased Apple project files, exposing a critical vulnerability in the tech giant's highly secretive supply chain. This breach highlights the growing threat to manufacturing infrastructure, where attackers target the weakest links to extract data from multiple tech conglomerates at once.
The Nitrogen group posted details of the breach on its data leak site this week, claiming to have exfiltrated more than 11 million files. Alongside the Apple data, the hackers assert that the trove contains internal project documentation and technical drawings belonging to Intel, Google, Dell, and Nvidia. Foxconn acknowledged the intrusion in a statement to The Register, though the manufacturer declined to specify whether customer data was definitively compromised.
A Foxconn spokesperson stated that the company's cybersecurity team immediately activated response measures to maintain production lines. All affected U.S. facilities are currently resuming normal operations. While Foxconn assembles a vast array of Apple hardware, Apple strictly compartmentalizes its manufacturing data, meaning suppliers typically only possess the specific technical schematics required for their isolated role in the assembly process.
The ESXi Encryptor Flaw: Why Paying Fails
Nitrogen is widely believed to be an offshoot utilizing leaked code from the Russia-based Conti 2 ransomware operation. However, victims of this specific group face a catastrophic technical hurdle. According to a February warning from cybersecurity researchers at Coveware, a critical bug exists within Nitrogen's ESXi encryptor.
This encryption flaw means that file recovery is technically impossible, even if a victim decides to pay the ransom demand. Because the decryption keys generated by the flawed software cannot successfully restore the corrupted data, affected organizations are forced to rely entirely on offline backups. This is not Foxconn's first encounter with severe ransomware; the manufacturing giant previously suffered breaches by the LockBit gang in both 2022 and 2024.
The Supply Chain Extortion Shift
This Foxconn ransomware attack underscores a fundamental shift in how cybercriminal cartels approach hardware giants. Instead of attempting to breach Apple's heavily fortified internal networks, attackers are increasingly targeting the manufacturing floor. When the target is a central assembler like Foxconn, a single successful intrusion yields leverage over multiple trillion-dollar companies simultaneously.
Furthermore, the fatal bug in Nitrogen's ESXi encryptor completely breaks the traditional ransomware business model. When paying the ransom cannot bring any data back, victims have absolutely no financial incentive to negotiate. This reality forces companies to shift their entire cybersecurity budget from post-breach mitigation and ransom reserves into aggressive, zero-trust supply chain hardening.