Who is Nitrogen group, what does Foxconn do and what data was hacked?

A cyberattack on Foxconn has raised questions about ransomware threats and supply chain risks. Foxconn is a global electronics manufacturer that works with Apple, Google, Nvidia, Sony, and other companies. The company confirmed that some North American facilities were affected by a cyberattack and said production is returning to normal. A ransomware group called Nitrogen claimed responsibility and said it stole millions of files. Security researchers are examining the claims and the possible impact on technology partners and supply chains. The incident shows how cyberattacks can affect global manufacturing operations and data security.

Who is Nitrogen group, what does Foxconn do and what data was hacked?

Nitrogen is a ransomware group that claimed responsibility for the Foxconn cyberattack. Foxconn is a global electronics manufacturer that builds devices and components for major technology companies. The attackers said they stole millions of files and several terabytes of data. The stolen information may include customer records, product schematics, project files, and financial documents. Investigations into the incident are still ongoing.

Who is Nitrogen group?

Nitrogen is a double extortion ransomware group that encrypts systems and steals data before demanding payment. The group became known in 2024 and targets supply chain companies in manufacturing, technology, and finance sectors. Researchers say the group often attacks mid-sized companies to gain indirect access to larger organizations.

What does Foxconn do?

Foxconn is an electronics manufacturing company that produces components and devices for global technology brands. It operates more than 230 factories and offices across 24 countries.
The company builds products such as smartphones, hardware components, and infrastructure equipment for major partners around the world.

Cyberattack confirmed at Foxconn

Foxconn confirmed that some North American facilities experienced a cyberattack. The company said affected factories are resuming normal production. The cybersecurity team started response actions and implemented operational measures to ensure continuity of production and delivery. Foxconn did not share details about the timeline of the attack. The company did not confirm the claims made by the ransomware group. However, the incident triggered investigations by security researchers and industry experts.

Ransomware group Nitrogen claims responsibility

The ransomware group Nitrogen posted a statement on its dark web leak site. The group uses this site to pressure victims to pay ransom. If victims do not pay, the group often releases stolen data.

Nitrogen claimed it stole more than 11 million files. The group also said the total data volume is more than eight terabytes. Security researchers from Arctic Wolf reported similar claims from the attackers. The group published sample images to support its claims. These images appear to include product schematics, guidelines, and bank statements.

What data was hacked?

The attackers claimed they stole more than eight terabytes of data and over 11 million files. The files may include product schematics, project details, internal documents, guidelines, bank statements, and customer information linked to several technology companies. The hackers claim the stolen files include confidential information from Foxconn customers. The list of companies mentioned includes Apple, Dell, Google, Intel, Nvidia, and others.

The stolen data may include:

- Product schematics
- Project details
- Internal guidelines
- Bank statements
- Customer information

Researchers said the attackers claim to have taken schematics from major technology companies.
The full extent of the data breach is still under investigation.

Why is Foxconn a major target?

Foxconn, also known as Hon Hai Technology Group, is a multinational electronics manufacturer. The company produces devices and components for many technology companies. It operates more than 230 factories and offices across 24 countries. Foxconn has a strong presence in the United States. Facilities operate in Wisconsin, Texas, and other states. The company recently signed an agreement to expand its Mount Pleasant site and invest 569 million dollars.

Foxconn also signed an agreement with OpenAI. The partnership focuses on design work for AI infrastructure hardware. Foxconn will co-design and engineer data center racks and manufacture networking, cooling, and power systems. Because Foxconn handles sensitive data from many companies, it is a high-value target for ransomware groups. The company stores intellectual property and project data from many global partners.

How does Nitrogen ransomware operate?

Nitrogen is a double extortion ransomware group. This means it encrypts files and steals data before encryption. The group can then demand payment to unlock systems and prevent data leaks. Researchers said Nitrogen became known in September 2024. The group has targeted manufacturing, technology, construction, and financial services sectors.

A recent attack used a technique called Bring Your Own Vulnerable Driver. The attackers exploited a vulnerable driver in Topaz Antifraud tracked as CVE-2023-52271. This allowed them to disable antivirus tools in victim networks. Researchers said Nitrogen often targets mid-sized companies connected to supply chains. These companies may have fewer cybersecurity resources. This strategy helps the group access larger organizations indirectly. Nitrogen originally used AlphV ransomware in 2023.
The group also has links to the ALPHV or BlackCat ransomware group.

Why do supply chain companies face ransomware risk?

Security experts say ransomware groups are targeting supply chain organizations more often. These companies hold sensitive data from many partners. Foxconn manufactures electronic components and devices for global companies. This makes the company a valuable target for data extortion and ransomware.

Threat intelligence experts say attackers focus on companies that support supply chains. Disrupting these companies can affect many organizations at once. Manufacturing is one of the most targeted sectors for ransomware. Attackers often look for companies that store large amounts of intellectual property and operational data.

Previous cyberattacks against Foxconn

Foxconn has faced cyberattacks in the past. In December 2020, the DoppelPaymer ransomware group attacked a Mexican facility. The attackers demanded 1,804 bitcoin as ransom. In May 2022, the LockBit ransomware group attacked another Foxconn facility in Mexico. The attack disrupted production. In 2024, LockBit attacked Foxsemicon Integrated Technology, a Foxconn subsidiary. The attackers claimed data breaches and defaced systems. These incidents show repeated targeting of the company by ransomware groups.

Encryption flaw in Nitrogen ransomware

Researchers said Nitrogen ransomware has a design flaw. The flaw makes it impossible to decrypt files after encryption. This means data may remain locked even if attackers want to restore access. It is not clear if this flaw affected the Foxconn incident. Investigations are still ongoing.

Foxconn response and ongoing investigation

Foxconn said its cybersecurity team activated response initiatives quickly. The company implemented operational measures to maintain production and delivery. The company said affected factories are resuming operations. Investigations into the attack and the claims continue. The incident highlights the risks of ransomware and data extortion.
Cybersecurity experts say such threats continue to grow across industries.

FAQs

Q1. What is Nitrogen ransomware and how does it work?
Nitrogen is a ransomware group that encrypts files and steals data before encryption. It threatens to release stolen information if victims refuse to pay ransom demands.

Q2. Why do ransomware groups target manufacturing companies like Foxconn?
Manufacturers store intellectual property and supply chain data from many partners. Attackers target them because a single breach can expose multiple companies and disrupt production worldwide.
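
Detecting the Bring Your Own Vulnerable Driver pattern

The article reports that Nitrogen used a vulnerable driver to disable antivirus tools. The Python below is an example added here, not code from the article or from any vendor: it raises an alert when a blocklisted driver is loaded and escalates when a security service stops on the same host shortly afterwards. The event schema, service names, host names and hash values are constructed placeholders.

```python
from datetime import datetime, timedelta

# Placeholder value, not a real indicator: in practice this set is filled
# from a vulnerable-driver blocklist maintained by the defender.
BLOCKLISTED_DRIVER_SHA256 = {"PLACEHOLDER_SHA256_OF_BLOCKLISTED_DRIVER"}
# Hypothetical service names standing in for the site's AV/EDR agents.
SECURITY_SERVICES = {"ExampleEdrAgent", "ExampleAvService"}
WINDOW = timedelta(minutes=10)

# Constructed sample events in an assumed normalized schema.
SAMPLE_EVENTS = [
    {"ts": "2025-01-01T09:00:00", "host": "ws-03", "type": "driver_load",
     "sha256": "PLACEHOLDER_SHA256_OF_BLOCKLISTED_DRIVER"},
    {"ts": "2025-01-01T10:00:00", "host": "ws-01", "type": "driver_load",
     "sha256": "PLACEHOLDER_SHA256_OF_BLOCKLISTED_DRIVER"},
    {"ts": "2025-01-01T10:01:00", "host": "ws-02", "type": "driver_load",
     "sha256": "PLACEHOLDER_SHA256_OF_ORDINARY_DRIVER"},
    {"ts": "2025-01-01T10:03:00", "host": "ws-01", "type": "service_stop",
     "service": "ExampleEdrAgent"},
    {"ts": "2025-01-01T10:05:00", "host": "ws-02", "type": "service_stop",
     "service": "ExampleAvService"},
    {"ts": "2025-01-01T11:00:00", "host": "ws-03", "type": "service_stop",
     "service": "ExampleEdrAgent"},
]

def detect_byovd(events, window=WINDOW):
    """Flag blocklisted driver loads (medium) and escalate to high when a
    security service stops on the same host within `window` afterwards."""
    alerts, last_load = [], {}  # last_load: host -> time of last flagged load
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts, host = datetime.fromisoformat(ev["ts"]), ev["host"]
        if ev["type"] == "driver_load" and ev.get("sha256") in BLOCKLISTED_DRIVER_SHA256:
            last_load[host] = ts
            alerts.append({"host": host, "severity": "medium", "ts": ev["ts"],
                           "reason": "blocklisted driver loaded"})
        elif ev["type"] == "service_stop" and ev.get("service") in SECURITY_SERVICES:
            loaded = last_load.get(host)
            if loaded is not None and ts - loaded <= window:
                alerts.append({"host": host, "severity": "high", "ts": ev["ts"],
                               "reason": f"{ev['service']} stopped after blocklisted driver load"})
    return alerts

if __name__ == "__main__":
    for alert in detect_byovd(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample, ws-02 raises nothing because its driver is not blocklisted, and ws-03 stays at medium because its service stop falls outside the ten-minute window.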