Foxconn has confirmed a cyberattack on its North American factories. The Nitrogen ransomware group posted the attack on its own leak site. The criminals claim to have stolen 8 TB of data, including confidential project documentation from Apple, Nvidia, and other major tech companies. The affected factories are now in the process of restarting operations.
Foxconn is a key supplier for Apple, Nvidia, and other major hardware companies. It confirmed the attack on Tuesday. A spokesperson stated that several North American factories were affected but have since resumed normal production.
Foxconn declined to confirm whether customer data was actually stolen. This is notable, as Nitrogen claims to have stolen more than 11 million files containing confidential instructions, internal project documentation, and technical drawings of projects at Intel, Apple, Google, Dell, and Nvidia.
Nitrogen: active since 2023, derived from Conti
Nitrogen has been around since 2023 and is believed to be one of several ransomware variants built on the leaked source code of the Conti 2 builder, according to The Register. This links the group to criminal groups that have previously delivered on their promise to actually restore encrypted data. In early February, however, Coveware warned that a programming error in Nitrogen's ESXi encryptor makes it impossible to recover encrypted files, even after paying the ransom. Veeam confirmed this in its own analysis. The master public key is corrupted during encryption, meaning that even the attackers themselves do not have a working decryption key.
Once a cyberattacker gains a reputation for failing to honor agreements after a compromise, it makes very little sense for an affected organization to pay the ransom. This can lead to the group disbanding and regrouping. There are plenty of options at the moment, as no single cybercrime group currently holds a dominant market share.
The true value of the stolen information is also unclear. While confidential documentation from companies like Apple and Nvidia obviously sounds lucrative, the data is not necessarily usable elsewhere. Additionally, these companies have an incentive to limit the IP they disclose to a supplier to what is strictly necessary to share.