Axortex

The culture of tech, food & beauty

← Tech
Tech

The Factory That Builds Everyone's Secrets Just Got Robbed

A ransomware crew called Nitrogen claims it walked off with 8 terabytes from Foxconn — and inside that haul, allegedly, sit the schematics of Apple, Nvidia and four other tech giants who were never hacked at all.

TL;DR — Foxconn confirmed a ransomware attack on its North American factories on May 13, 2026; the Nitrogen gang claims it stole 8 terabytes and over 11 million files, including drawings tied to Apple, Nvidia, Intel, Google and AMD.

There is a peculiar kind of trust that holds the consumer-electronics world together, and almost nobody outside the industry thinks about it. When Apple designs a server, or Nvidia draws up a board, the actual metal gets bent somewhere else — most often inside the cavernous plants of Foxconn, the Taiwanese contract manufacturer that quietly assembles a startling fraction of the gadgets in your life. To do that job, Foxconn has to hold the blueprints. Which means that the safest, most paranoid company in the world is only ever as secure as the factory it hands its secrets to.

In May 2026, that arrangement showed its seams. A ransomware crew calling itself Nitrogen began boasting, on a dark-web leak site, that it had cracked Foxconn open and made off with a haul big enough to fill the imaginations of half of Big Tech.

A confirmation, and a conspicuous silence

Foxconn's own account of what happened is almost aggressively brief. As BleepingComputer reported, the company acknowledged the incident on May 13, 2026, with a statement built to reassure shareholders rather than illuminate the public: "Some of Foxconn's factories in North America suffered a cyberattack. The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery."

Read it again and notice what isn't there. Foxconn confirmed that someone broke in. It said nothing — not a syllable — about what left with them. For that, you have to turn to the people who did the breaking, and to the researchers picking through their leak site. The gap between the corporate statement and the criminals' boast is, in a sense, the entire story.

The boast, and the brand names

Nitrogen claimed the job on May 11, and the figures it posted are the kind that make security analysts wince. Per The Register, the gang says it pulled 8 terabytes of data and more than 11 million documents — "confidential instructions, projects and drawings" it attributes to Foxconn's clients.

And the clients are what turn a routine breach into a headline. Nitrogen named Apple, Dell, Google, Intel, Nvidia and AMD. TechCrunch's reporting later backed up the scope, and AppleInsider went further, saying it independently confirmed that Apple server schematics were sitting in the stolen files.

Claim Detail
Group Nitrogen (active since 2023)
Data volume 8 TB / 11M+ files
Tactic Double extortion (steal + encrypt)
Named victims' data Apple, Dell, Google, Intel, Nvidia, AMD
Affected sites North American factories (reportedly Wisconsin, Texas)

The trap inside "double extortion"

What makes Nitrogen genuinely dangerous isn't the lock — it's the copy. The gang runs a double-extortion playbook: it siphons the data out before it scrambles a victim's systems. That ordering matters enormously. A company can restore from a flawless backup, bring every machine humming back to life, and still be on the hook, because the attackers are holding a second copy and threatening to publish it.

For a manufacturer, that splits the crisis in two. The assembly lines can be running again — the part Foxconn's statement was so eager to promise — while the crown-jewel intellectual property remains a hostage somewhere in the dark. It is also, depressingly, the texture of the whole year. The industry has settled into an elevated "new normal," with CRIL recording 702 ransomware incidents globally in March 2026 alone. The crews stopped chasing fast payouts and started collecting leverage.

The exposure you can't engineer your way out of

Here is the detail that ought to keep every hardware executive up at night, and it has nothing to do with their own firewalls. Not one of those six tech giants was hacked. Their schematics are allegedly loose on a criminal forum because a partner was compromised — a company several steps down their own supply chain.

You can pour a fortune into perimeter defense, run red teams until your engineers beg for mercy, and still wake up to your unreleased designs trading on a dark-web board because someone at a vendor opened the wrong attachment. That is the security problem that defines this moment, and it resists the usual fixes. The threat isn't the wall around your house. It's everyone you've already handed a key.

FAQ

Did Foxconn confirm Apple and Nvidia data was stolen?

No. Foxconn only confirmed a cyberattack on its North American factories. The claims about Apple, Nvidia and others' data come from the Nitrogen ransomware group, with partial corroboration from outlets like AppleInsider, which reported confirming stolen Apple server schematics.

What is double-extortion ransomware?

It's an attack where criminals steal data and then encrypt the victim's systems. Even if the victim restores from backups, attackers threaten to leak the stolen data unless paid — so backups alone don't neutralize the threat.

How were major tech companies' files exposed without being hacked?

Through supply-chain exposure. The companies weren't breached directly; their designs were held by Foxconn as a manufacturing partner, and Foxconn was the one compromised.


Sources: BleepingComputer, The Register, TechCrunch, AppleInsider.

Image: Foxconn, Public domain, via Wikimedia Commons.

#cybersecurity#ransomware#foxconn

← Back to all posts