Nvidia · Google · Apple · Wired
Foxconn is the type of target that is particularly appealing to ransomware and data extortion actors
Compiled by KHAO Editorial — aggregated from 1 source. See llms.txt for citation guidance.
◌ Single Source
“Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software,” says Allan Liska, a threat intelligence analyst at security firm Recorded Future.
Key facts
- Updated at 6:15 pm ET, May 12, 2026, to include comment from Flashpoint’s Ian Gray
- The company has faced several extortion attempts, including a December 2020 attack on a Mexican facility in which the DoppelPaymer ransomware group memorably demanded 1,804 bitcoin (worth roughly $34
- While reports indicate that Nitrogen has been active since 2023, our first observation of their activity was in 2024, targeting Control Panels USA,” says Ian Gray, vice president of intelligence
- Nitrogen, which emerged in 2023, is not the most high-profile or prolific ransomware actor, but it has been steadily active with some spikes, including at the end of 2024
Summary
A ransomware group is attempting to extort the electronics manufacturing giant Foxconn, claiming that it stole 8 terabytes of data from the company, including schematics and project details from customers including Dell, Google, Apple, and Nvidia. Foxconn is the type of target that is particularly appealing to ransomware and data extortion actors, because it is a massive company with divisions and subsidiaries around the world that hold not only its own intellectual property but that of its customers. The attackers, known as the Nitrogen group, listed Foxconn on its breach site on Monday. “While reports indicate that Nitrogen has been active since 2023, our first observation of their activity was in 2024, targeting Control Panels USA,” says Ian Gray, vice president of intelligence at the security company Flashpoint.