Menu
Browse

Cyber Incident Victim: Hon Hai Precision Industry Co., Ltd.

Date:

May 2026

Location:

Taiwan

Summary

Foxconn confirmed a cyberattack that disrupted some of its North American factories, though production has since resumed. The ransomware group Nitrogen claimed responsibility, stating it stole over eleven million files, including confidential data from customers such as Apple, Google, Nvidia and others, and published sample screenshots of schematics and financial documents as proof. Nitrogen operates as a double‑extortion ransomware gang, encrypting systems while also exfiltrating data to threaten leakage. The company has not provided detailed answers to inquiries about the incident.

CIA Posture Motives Tactics, Techniques & Procedures
Available to members 1 motive 1 technique
Threat Actor Type Location
1 actor Available to members Available to members

Description

Foxconn confirmed on Monday that it had been hit by a cyberattack that affected facilities in North America, stating that the affected factories are currently resuming normal production. The company disclosed the incident in a statement sent to media outlets, acknowledging the breach without providing further technical details about the attack vector or timeline. Foxconn’s acknowledgment came after ransomware group Nitrogen claimed responsibility for the breach on its dark web leak site.

Cyber Incident Image

Nitrogen’s statement on the leak site asserted that it had stolen over 11 million files, including confidential information belonging to Foxconn customers such as Apple, Dell, Google, Intel, Nvidia, and others. As proof of the theft, the group published several images that appear to show product schematics, operational guidelines, and bank statements. Nitrogen described itself as a double‑extortion ransomware group, explaining that it first encrypts files to render them inaccessible to victims and also exfiltrates the data beforehand to threaten public release if a ransom is not paid. This dual approach gives the attackers two potential monetization paths: encryption‑based ransom demands and leakage‑based extortion.

Foxconn did not immediately respond to a series of specific questions posed by media outlets regarding the attack’s scope, impact on data systems, or any remedial measures taken beyond the statement about production resumption. The lack of a detailed response left unanswered questions about the exact nature of the compromised data and the steps taken to contain the incident. The incident remains as described in the available sources, with no additional factual details provided beyond the claims and statements outlined above.

Sources
Sources available to members
6 sources