Foxconn, a critical supplier for major hardware companies including Apple and Nvidia, confirmed Tuesday that a cyberattack struck its North American operations. And the group behind the attack claims to have walked away with a trove of sensitive data touching some of the world’s biggest tech companies.
That could include Apple files, but it’s difficult to say which ones and how important they are.
Nitrogen ransomware attack on Foxconn
The ransomware group Nitrogen claimed on Monday that it exfiltrated 8 terabytes of data from Foxconn — roughly 11 million files, according to The Register, Wired and other outlets. Stolen information reportedly included confidential instructions, internal project documentation and technical drawings related to projects involving Apple, Intel, Google, Dell and Nvidia, among others.
“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery,” a Foxconn spokesperson said in a statement. “The affected factories are currently resuming normal production.”
The company declined to specify the facilities affected.
On the ground: network collapse at a U.S. plant
Photo: Puddingworld, CC BY-SA 4.0/Wikimedia Commons
The cyberattack caused a network outage at Foxconn’s facility in Mount Pleasant, Wisconsin, in early May that disrupted production for about a week. Per reports, the facility’s network began experiencing issues on May 1, with Wi-Fi cut off at 7 a.m. and disruptions spreading through core plant infrastructure by 11 a.m.
Workers described orders to shut down computers and not log back in under any circumstances. Time card terminals died and employees had to fill out paper timesheets to track their hours. Additional disruptions cropped up at Foxconn facilities in Houston, Texas.
What did the hackers actually steal — and should Apple users worry?
Despite Nitrogen’s claims about Apple files, analysts who reviewed sample data posted by the group found reason for Apple users to breathe easier. The stolen files appear to include financial documents related to the Houston facility, documentation for Foxconn temperature sensors, integrated circuits and board layouts, as well as network topology documentation for AMD, Intel and Google projects. And the sample set seems to contain files related to Foxconn’s electrical engineering team more than anything else.
That leaves little reason to think the stolen files directly link to existing or future Apple projects. That’s no big surprise. Foxconn’s Mount Pleasant facility primarily manufactures televisions and data servers, not Apple devices.
Apple famously takes the secrecy of unreleased products extremely seriously. And suppliers typically receive only the technical information needed for their specific role in manufacturing.
That said, the broader data theft is not trivial. Analysts said Google and Intel topology specs cause the biggest concern. They can be used to locate and exploit vulnerabilities in data centers.
Who is Nitrogen — and is paying the ransom even an option?
Photo: Apple
Experts believe Nitrogen branched off from leaked Russia-based Conti 2 ransomware code and has been active since 2023. The group is known for a double-extortion model — encrypting data and threatening to publish it.
In a bleak twist for Foxconn, researchers at Coveware warned in February that a programming error prevents the group’s decryptor from recovering victims’ files. That could render paying the ransom essentially futile.
A familiar target
This is far from Foxconn’s first brush with ransomware. LockBit hit it in 2022 and 2024. In 2020, the DoppelPaymer group demanded 1,804 Bitcoin — worth roughly $34 million at the time — in an attack on a Foxconn facility in Ciudad Juárez, Mexico. Apple’s supply chain has faced a broader wave of attacks in recent months.
An Apple assembler in China got hit in December 2025. And Luxshare faced similar incidents. The pattern underscores an uncomfortable reality for Apple and its customers. Even when Apple’s own systems remain secure, its manufacturing partners remain attractive and vulnerable targets.
Apple has not commented on the Foxconn incident.
David Snow, an expert on Apple hardware and software, writes on a variety of technological and cultural topics for Cult of Mac. They include Apple news, technology buying guides, and features about computer setups and Apple TV shows and movies.
With 30 years of experience covering technology and other subjects, he has written and edited for numerous print and online publications, including CMP Media, TechTV.com, CNET, Wired News, Red Herring magazine, Law.com, The National Law Journal and Law Technology News magazine. Among other roles, he served as executive editor of the Law.com network of websites and editorial director, technology, for ALM Media.
Snow graduated with a B.A. from Syracuse University with majors in magazine journalism and psychology. While there, he worked as a reporter for The Daily Orange newspaper and associate editor of Equal Time magazine.
Founder of the blog At the Waterline, he can be reached on X (formerly Twitter) via @atthewaterline and on Mastodon via @dsnow.
