THE CIRCUITRYYour one-stop source for all tech news

Home/Tech/Foxconn Confirms Ransomware Attack on North American Factories

VERIFIEDBy Xavier Rivera· ·2 min read

Foxconn Confirms Ransomware Attack on North American Factories

Foxconn confirms some of its North American factories suffered a cyberattack after Nitrogen claimed to steal 8TB of data including schematics from Apple and other customers. The incident is the latest in a series of ransomware attacks on the manufacturer though the affected plants are now resuming normal production.

Source:9to5Mac

Post

Foxconn Confirms Ransomware Attack on North American Factories

TL;DRAI · 60 sec read

Foxconn acknowledges that some of its North American factories suffer a cyberattack in recent days. The confirmation follows the ransomware group Nitrogen claiming to have stolen 8 TB of data from the company, according to WIRED.

The ransomware group attempts to extort the electronics manufacturing giant Foxconn. It claims the stolen data includes schematics and project details from customers including Dell, Google, Apple, and Nvidia. Foxconn serves as one of Apple’s main manufacturing partners for the iPhone and other devices.

This is not the first ransomware incident involving Foxconn in recent years. In 2020 a Foxconn facility in Ciudad Juárez, Mexico encounters an attack that encrypts servers, steals data, and includes a bitcoin demand worth roughly $34.6 million at the time. The DoppelPaymer ransomware group demands 1,804 Bitcoin worth roughly $34 million at the time.

The LockBit group hits another Foxconn facility in Mexico in May 2022 and disrupts production. Most recently LockBit attacks a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims.

From The CircuitryThe Feed — live briefs across tech, all day.See what’s happening →

The affected plants this time include the Mount Pleasant factory in Wisconsin and a facility in Houston, Texas. The outage first surfaces on Friday, May 1 when workers at the Mount Pleasant campus report a full network collapse. Wi-Fi is gone by 7:00 AM and the disruption spreads through core plant infrastructure.

One worker who asks not to be identified says they are told to turn off their computers and not log back in under any circumstances. The timecard terminals are dead. Workers fill out paper timesheets just to track their hours.

Nitrogen posts a set of sample files allegedly taken from Foxconn. Apple-related materials do not appear to be present in them. The Mount Pleasant facility primarily produces televisions and data servers rather than Apple devices.

Foxconn has not confirmed the scope of the incident. The company tells WIRED that the affected factories are currently resuming normal production.

Why this mattersAI · ~100 words

Tap a lens to see what this story means for you.

Reader-supported

DonateBuy me a coffee →Follow@thecircuitry_ →Follow@thecircuitry.to →

Reader-supported · Daily Brief

Daily brief at 7 AM ET. Top tech stories, every morning. Sourced and fact-checked.

HELP US IMPROVE

Reader-supported

The Circuitry is a passion project I've always wanted to build, and I love the work behind it.

Running it costs real money. APIs, hosting, time. To keep improving the site and growing this into something useful for everyone, those costs have to be covered.

Any contribution is appreciated. If not, no pressure. Thanks for reading.

Buy me a coffee

Apple Foxconn Ransomware Cybersecurity

MORE IN TECH

Qualcomm launches Dragonfly C1000 CPU for data centers with Meta as key client

Qualcomm introduced its Dragonfly C1000 data center CPU engineered for agentic AI on Wednesday and confirmed Meta as a customer once production begins in 2028. The announcement underscores the mobile-centric chipmaker's drive into higher-growth data center segments where energy efficiency has become a decisive factor amid surging AI-agent workloads.

Google to lower Play Store fees in US, Europe, UK on June 30

Google is set to implement lower Play Store fees and external payment options in Europe, the UK, and the US starting June 30 as part of its Epic Games settlement. The changes introduce a 10 percent service fee on the first $1 million in annual earnings for small developers and expand globally through 2027.

CISA Warns Hackers Are Actively Exploiting Severe Ubiquiti Flaws

CISA placed three severe Ubiquiti UniFi OS vulnerabilities and one critical Lantronix command injection flaw into its Known Exploited Vulnerabilities catalog on June 23, 2026, after confirming active attacks. Federal agencies must apply patches or mitigations within three days under BOD 26-04, while Bishop Fox demonstrated the Ubiquiti issues can be chained for full remote code execution and released a free detection script.