## Foxconn Under Siege: Nitrogen Group Claims Responsibility A ransomware group known as **Nitrogen** is attempting to extort **Foxconn**, claiming to have stolen a massive 8 terabytes of data. The attackers allege the data includes sensitive schematics and project details belonging to **Foxconn**'s high-profile clients, including **Dell**, **Google**, **Apple**, and **Nvidia**. **Foxconn** has acknowledged a recent cyberattack affecting some of its North American factories, stating that affected facilities are resuming normal production after outages. However, the company has not yet confirmed the validity of the **Nitrogen** group's claims. ## Supply Chain Vulnerabilities in the Crosshairs **Foxconn**'s position as a key manufacturing contractor for electronic components and entire devices, including **Apple**'s iPhones, makes it a particularly attractive target for ransomware and data extortion actors. The company holds not only its own intellectual property but also that of its customers, amplifying the potential impact of a successful attack. Allan Liska, a threat intelligence analyst at **Recorded Future**, notes that ransomware groups are increasingly targeting victims that can impact the supply chain. "It’s unsurprising that a company like Foxconn would be targeted, since it does manufacturing and holds sensitive data for so many companies around the world," he says. ## Nitrogen Group: Emerging Threat with ALPHV/BlackCat Connections The **Nitrogen** group, which emerged in 2023, listed **Foxconn** on its breach site on Monday. While not the most prolific ransomware actor, **Nitrogen** has been steadily active, with activity spikes observed at the end of 2024. The group primarily targets victims in North America and Western Europe and has been linked to the notorious **ALPHV/BlackCat** ransomware group. Ian Gray, vice president of intelligence at **Flashpoint**, states, "While reports indicate that Nitrogen has been active since 2023, our first observation of their activity was in 2024, targeting Control Panels USA. We have observed approximately 50 victims since launching, primarily targeting manufacturing, technology, and retail. Manufacturing is one of the most-targeted sectors for ransomware in general." ## Foxconn: A Recurring Target **Foxconn** has been targeted by ransomware attacks multiple times in the past. In December 2020, a Mexican facility was hit by the DoppelPaymer ransomware group, which demanded 1,804 bitcoin (worth roughly $34 million at the time). The LockBit group also attacked another **Foxconn** facility in Mexico in May 2022, disrupting production. More recently, LockBit targeted a subsidiary called Foxsemicon Integrated Technology in 2024. ## Flawed Encryption: A Silver Lining? In addition to data extortion, **Nitrogen** often deploys traditional ransomware to encrypt systems. However, researchers have discovered a design flaw in **Nitrogen**'s encryption mechanism that makes data decryption impossible, even if the attackers provide a key. It remains unclear whether this flaw is a factor in **Foxconn**'s incident response. ## The Broader Ransomware Landscape Ransomware and data extortion remain a persistent threat, with attackers frequently targeting repeat victims and employing increasingly disruptive tactics. The recent attack on education tech firm **Instructure**, which paralyzed thousands of schools, underscores the widespread impact of these attacks.