Hackers claim 11M files from major Apple and Nvidia partner days after Wisconsin plant suffers “IT outage”

Foxconn, one of the world’s leading electronics makers, has been listed on a dark web blog, with attackers allegedly posting component details for Google and Intel products. Last week, Foxconn’s Wisconsin site suffered a network outage. Foxconn indicated several North American plants were impacted.
- Nitrogen ransomware gang claims to have stolen 11 million files containing confidential Apple, Nvidia, Google, and other brands' component designs and schematics.
- Foxconn's Wisconsin manufacturing plant experienced a multi-day IT outage in early May, halting production and forcing employees offline during the incident.
- Leaked hardware schematics could enable competitors to reverse-engineer products or help threat actors discover exploitable zero-day vulnerabilities in components.
- Nitrogen operates as a ransomware-as-a-service group linked to Eastern European operators and possibly connected to the BlackCat/ALPHV ransomware cartel.
The Taiwanese multinational manufacturer was listed on the Nitrogen ransomware gang’s dark web blog earlier this week. The threat actors claim they siphoned 8TB of data from Foxconn, amounting to a staggering 11 million files.
“These include files such as confidential instructions, projects, and drawings from Intel, Apple, Google, Dell, Nvidia, and many other projects,” reads Nitrogen’s dark web post.
Meanwhile, our research team has investigated the data sample that the attackers attached to their Foxconn data breach post. They attached screenshots of what they claimed were documents from the major electronics maker. According to the team, the photo samples reveal:
- Hardware component descriptions
- Schematics
- Investment documentation
- Financial operation documentation
Our team noted that at least some of the data samples indeed match the attackers' claims, as they depict components manufactured for Google. However, an initial review does not support the attackers’ claims about the breach affecting Apple, Dell, or Nvidia.
Our researchers believe that, if confirmed, the leak could seriously impact Foxconn's customers. For one, leaked documents could be used by competitors or counterfeiters worldwide.
“More dangerously, threat actors could use leaked schematics and component info to scope for zero-day vulnerabilities, later exploiting without anyone’s knowledge,” our team explained.
Is the Foxconn data breach related to the Wisconsin outage?
Interestingly, Foxconn has recently had issues with its IT systems in the US. According to media reports, Foxconn’s Mount Pleasant campus in Wisconsin recently had to shut down its systems, impacting the manufacturing center’s daily operations.
Foxconn shared a statement with Cybernews, saying that several North American factories were impacted by the cyberattack.
“Some of Foxconn's factories in North America suffered a cyberattack. The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production,” Foxconn said.
The company did not reply to queries about Nitrogen's claims or a cyberattack on the Mount Pleasant campus factory.
Reportedly, assembly operators and office workers at Mount Pleasant noted that the disruption brought production to a complete standstill, with some employees unable to work for several days. The company supposedly described the issue as an “IT network problem.”
Employees claim the issues with the network began on the first day of May and persisted through the first weekend of the month. The issues were severe enough that employees were advised to use personal hotspots for internet access.
While we don’t have any confirmation that the Mount Pleasant campus disruption and Nitrogen listing Foxconn on its dark web blog are related, the long downtime and halted operations are a telltale sign of a ransomware attack.
Threat actors often disrupt manufacturing capabilities, forcing companies to negotiate ransom payments out of fear that downtime will affect client orders.
In a statement to TMJ4, Foxconn explained that its “IT systems in Wisconsin sites experienced a technical issue affecting operations.”
“We immediately activated our emergency response mechanism and implemented a series of contingency measures to ensure the continuity of production and delivery, as well as the protection of data,” the company said.
First spotted in 2023, Nitrogen is a classic ransomware-as-a-service (RaaS) group. The group runs a double extortion operation, exfiltrating victims' data and encrypting their systems to push targets into paying ransom.
It's unclear who’s behind the group, but researchers believe Nitrogen is linked with ransomware operators in Eastern Europe. Some of its operators may be associated with the infamous BlackCat/ALPHV ransomware cartel.
Updated on May 13th [12:15 p.m. GMT] with a statement from Foxconn.