Nitrogen Gang Puts a Price on Half of Big Tech After Breaching Foxconn
Foxconn confirmed a May 13, 2026 cyberattack on its North American plants; the Nitrogen ransomware crew claims 8TB and 11 million-plus files implicating Apple, Nvidia, Intel, Google and AMD.
TL;DR — Foxconn confirmed a ransomware attack on its North American factories on May 13, 2026; the Nitrogen gang claims it stole 8 terabytes and over 11 million files, including drawings tied to Apple, Nvidia, Intel, Google and AMD.
Compromise the assembler and you compromise the customers. Foxconn builds hardware for most of the industry, so a breach at its North American operations is not contained to Foxconn — it reaches every client whose designs sit on its servers. That is the structural exposure the Nitrogen ransomware group is now monetizing.
The confirmed facts are narrow
Foxconn's disclosure is deliberately minimal. The company confirmed the incident on May 13, 2026, per BleepingComputer, stating: "Some of Foxconn's factories in North America suffered a cyberattack. The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery."
That is the extent of the verified record. Foxconn has not confirmed any data loss. Everything about the scope of theft originates with the attackers and with researchers reading their leak site.
The attacker's ledger
Nitrogen claimed the operation on May 11, posting figures to its dark-web leak portal:
- 8 terabytes exfiltrated
- More than 11 million documents
- "Confidential instructions, projects and drawings" attributed to Foxconn's customers
The client list is the payload's value. The Register reports Nitrogen named Apple, Dell, Google, Intel, Nvidia and AMD. TechCrunch corroborated the scope, and AppleInsider said it confirmed Apple server schematics in the trove.
| Claim | Detail |
|---|---|
| Group | Nitrogen (active since 2023) |
| Data volume | 8 TB / 11M+ files |
| Tactic | Double extortion (steal + encrypt) |
| Named victims' data | Apple, Dell, Google, Intel, Nvidia, AMD |
| Affected sites | North American factories (reportedly Wisconsin, Texas) |
Double extortion changes the math
Nitrogen exfiltrates before it encrypts. That sequencing is the point: a clean backup restores operations but does nothing about the copy already in the gang's hands, which it can publish on demand. Foxconn can have production fully online while its clients' intellectual property remains a live hostage — two separate problems with two separate clocks.
The model fits the macro trend. Ransomware has stabilized at an elevated baseline; CRIL logged 702 ransomware incidents globally in March 2026 alone. The operators have shifted from fast encryption payouts to leverage built on stolen data.
The exposure that has no opt-out
The critical detail: none of the named tech firms was breached. Their schematics surfaced because a manufacturing partner was compromised. An organization can run a flawless perimeter and still find unreleased server designs on a leak forum because a vendor several tiers down was the entry point.
This is the defining security problem of the period. The attack surface is no longer the perimeter — it is the trust extended to everyone operating inside it.
FAQ
Did Foxconn confirm Apple and Nvidia data was stolen?
No. Foxconn confirmed only a cyberattack on its North American factories. The claims about Apple, Nvidia and other clients' data come from the Nitrogen ransomware group, with partial corroboration from outlets such as AppleInsider, which reported confirming stolen Apple server schematics.
What is double-extortion ransomware?
An attack that steals data first, then encrypts the victim's systems. Restoring from backups recovers operations, but attackers still hold the exfiltrated data and threaten to leak it unless paid — so backups alone do not neutralize the threat.
How were major tech companies' files exposed without being hacked?
Through supply-chain exposure. The companies were not breached directly. Their designs were held by Foxconn as a manufacturing partner, and Foxconn was the compromised party.
Sources: BleepingComputer, The Register, TechCrunch, AppleInsider.
Image: Foxconn, Public domain, via Wikimedia Commons.
← Back to all posts