Foxconn Recovers from Nitrogen Ransomware Attack Disrupting North American Factories Taiwanese electronics giant Foxconn has restored normal production at its North American factories following a cyberattack that disrupted operations. The company, which manufactures products for major tech firms like Apple, Google, and Microsoft, confirmed the incident but did not disclose how many of its facilities located in Wisconsin, Ohio, Texas, Virginia, Indiana, and Mexico were affected. A Foxconn spokesperson stated that its cybersecurity team activated emergency protocols to maintain production and delivery continuity, though employees at a Wisconsin plant reported Wi-Fi outages and manual workarounds starting Friday. Computers were offline, forcing staff to rely on paper records until systems were restored. The Nitrogen ransomware gang claimed responsibility for the attack, alleging it stole 8 terabytes of data, including sensitive technical files from multiple tech companies. Cybersecurity researchers link Nitrogen to the defunct Conti ransomware, describing it as a financially motivated group active since 2023. Foxconn, which reported $258.3 billion in 2025 revenue, has been a frequent ransomware target. Previous attacks include a 2024 LockBit breach on its semiconductor division and incidents in Mexico in 2020 and 2022. The latest disruption underscores the persistent cyber threats facing global manufacturing supply chains.

Ransomware Attacks Rise in May 2026, With Education and Retail Sectors Hit Hardest Ransomware attacks increased by 3% in May 2026, with 661 incidents recorded up from 640 in April though still below the higher volumes seen earlier in the year. While overall activity remained relatively stable, certain sectors experienced sharp spikes, while others saw notable declines. ### Sector-Specific Trends - Education saw the most dramatic surge, with attacks jumping 54% (from 13 to 20). - Food and beverage (+80%), retail (+19%), transportation (+20%), and technology (+29%) also faced significant increases. - Healthcare and utilities saw the steepest drops, with attacks falling 21% and 29%, respectively. Of the 48 confirmed attacks in May: - 35 targeted businesses, including 11 in manufacturing the most affected subsector. - 7 hit government entities, with France, Spain, Croatia, Senegal, and Thailand among the victims. - 5 impacted educational institutions, including Universitat de València (Spain) and Delano Public Schools (US). - 1 affected a healthcare provider Central Medical Services of Westrock (CMSW) in the US, breached by INC, which later auctioned 200–300 GB of stolen data. ### Most Active Ransomware Groups - Qilin led with 97 attacks, including 9 confirmed targeting entities in Australia, France, Germany, Spain, and the US. - The Gentlemen followed with 71 attacks (4 confirmed), while DragonForce claimed 51 attacks, allegedly stealing 20.8 TB of data the largest volume reported. - Other groups with notable activity included SafePay (+160%), Nova/RALord (+213%), Play (+325%), and Genesis (+1600%). ### Geographic Impact The US remained the top target, accounting for 272 attacks (+6% from April), followed by Canada (31), the UK (28), and Germany (26). Spain saw a 28% increase, while the UK and Germany experienced declines. ### Data Breaches and Financial Demands - Nearly 115 TB of data was stolen across all attacks in May. - Manufacturing firms faced high ransom demands, including $4.48 million from an Italian company (UnoAerre Industries) and 8 TB of stolen data from Foxconn North America (claimed by Nitrogen). - Notable breaches included: - Unimed (Germany): 120,000+ affected, including 54,000 patients from Baden-Württemberg hospitals. - Cardinal Services (US): Two separate attacks (June and August 2025) impacted 142,000+ people. - Western Orthopaedics (US): 113,000+ patients notified after a 1.7 TB data theft in September 2025. ### Year-to-Date Trends - Businesses saw 3,090 attacks (Jan–May 2026), a 13% increase from the same period in 2025. - Healthcare recorded 208 attacks (+10% YoY), while government attacks dropped 21% (145 total). - Education experienced 88 attacks (-25% YoY). The data highlights shifting ransomware tactics, with threat actors increasingly targeting high-impact sectors while some industries see temporary reprieves.

Cyberattack Targets Apple Supplier in China, Raising Production Concerns In mid-December, a sophisticated cyberattack struck an undisclosed Apple subcontractor operating in China, potentially disrupting production and exposing sensitive data. While details remain scarce, the incident mirrors past disruptions—such as the 2018 malware attack on TSMC, which halted chip production for Apple—suggesting possible delays in device manufacturing. The motives behind the attack are unclear. Hackers may have sought proprietary information on Apple products or manufacturing processes, or deployed ransomware to extort the supplier, with Apple potentially pressured to intervene to avoid production slowdowns. The compromised data could range from iPhone specifications to internal operational procedures. Apple relies on a vast network of suppliers, including major players like Foxconn, Pegatron, and Wistron, but the identity of the targeted company has not been disclosed. The incident underscores the vulnerabilities in global supply chains, where even a single breach can ripple through production pipelines, impacting product availability. Further updates on the attack’s scope and impact are pending.

Smartphone manufacturing giant Foxconn was targeted in a ransomware attack by the DoppelPaymer ransomware group in November 2020 where the attackers stole unencrypted files before encrypting devices The attackers targeted Foxconn's North America facility and encrypted about 1,200 servers, stole 100 GB of unencrypted files, deleted 20-30 TB Of backups, and shut its website down. The attackers demanded a ransom of about 1804.0955 BTC that's approximately $34,686,000.