Apple Supplier Foxconn Hit by 8 TB Ransomware Attack

Apple manufacturing partner Foxconn has acknowledged that several of its US factories were recently targeted in a cyberattack after a ransomware group claimed to have stolen confidential Apple project files. The Nitrogen hacking group announced the breach on its data leak site, disclosing that they had obtained 8 TB of data, including over 11 million files. Apart from Apple-related files, the hackers also acquired technical drawings and internal project documents from other Foxconn partners like Nvidia, Google, Dell, and Intel.

Foxconn confirmed the cyberattack on its North American factories, including the Mount Pleasant facility in Wisconsin, but did not specify the extent of customer data stolen. Despite the breach, Foxconn’s cybersecurity team promptly responded and implemented measures to ensure production continuity. The affected factories have since resumed normal operations.

While Foxconn is a key Apple assembly partner, Apple prioritizes the security of unreleased product information. The Cupertino company restricts the sharing of data with suppliers to the minimum necessary for their manufacturing role. The breach at the Wisconsin plant, which focuses on data center infrastructure and high-performance computing hardware rather than consumer electronics, may not have exposed significant Apple-related data.

Although Apple maintains stringent security measures, previous incidents have seen its supply chain partners fall victim to cyberattacks. In December 2025, a Chinese Apple assembly partner was targeted, followed by an attack on Apple partner Luxshare in January 2026.

Analysis by AppleInsider revealed that the stolen files included financial documents from Foxconn’s Houston facility and documentation on temperature sensors, integrated circuits, and board layouts. The exposed data also encompassed network topology documentation for AMD, Intel, and Google projects, detailing server processors and components.

Contrary to the hackers’ claims, the examined files did not directly relate to Apple’s existing or future projects, indicating the facility’s detachment from Apple’s primary assembly operations. Nitrogen, an offshoot of the Conti 2 ransomware code, follows a double-extortion model, encrypting data and threatening to leak it unless a ransom is paid.

The cyberattack on Foxconn’s Mount Pleasant facility resulted in a network outage, temporarily halting production. While operations have resumed, the full extent of the data breach and the amount of Apple-related information compromised remain uncertain.

As investigations continue, the aftermath of the cyberattack underscores the importance of robust cybersecurity measures in safeguarding sensitive data within supply chains. Stay tuned for updates as more information unfolds.