The Foxconn ransomware attack is the biggest supply chain breach of 2026 and how it happened is still unclear. Foxconn assembles iPhones for Apple, GPUs for Nvidia and servers for Dell.
It runs 230 factories across 24 countries and topped $260 billion in revenue in 2025. Because of that scale, an attack on Foxconn is considered an attack on the tech industry as a whole.
The Day Foxconn’s Factories Went Dark
On the 11th of May 2026, Nitrogen posted Foxconn on its dark web leak site. Before that, employees at factories in Wisconsin and Texas had already received orders to shut down their computers and stay off the network entirely.
In addition, clocking in and out stopped working. Workers had to start tracking hours by hand and some factories sent workers home early.
For nearly two weeks, Foxconn claimed it was a technical issue. Then on the 12th of May 2026, a spokesperson confirmed that factories across North America had suffered a cyberattack.
Inside the Foxconn Ransomware Attack: Who is Nitrogen?
The ransomware group, Nitrogen, has operated since 2023. It is believed the group built its tools on leaked Conti 2 ransomware code.
Before this attack, Nitrogen targeted mid-sized manufacturers exclusively. Those companies were large enough to suffer from downtime but small enough to have security gaps.
However, Foxconn breaks that pattern entirely. Targeting the world’s largest contract manufacturer shows that Nitrogen is moving up deliberately. Moreover, researchers who have tracked the group confirm the attack matches Nitrogen’s known methods.
8TB, 11 Million Files, and Client Names on the Dark Web
After the attack, Nitrogen claimed to have pulled 8TB of data from Foxconn’s systems. That covers more than 11 million files.
Furthermore, the group says the stolen data includes confidential project documents, technical drawings, and internal instructions. Those files connect directly to Apple, Nvidia, Google, Dell, AMD, and Intel. Foxconn has not confirmed which customer data the attackers took.
Beyond that, a flaw in Nitrogen’s own decryptor was identified earlier in 2026. That flaw makes file recovery mathematically impossible. Therefore, companies that pay the ransom recover nothing.
The Foxconn Ransomware Attack Is a Supply Chain Problem, Not Just a Foxconn Problem
However, Foxconn is not a first-time victim. DoppelPaymer attacked a Foxconn plant in Mexico in 2020 and demanded a reported $34 million. LockBit followed in 2022 and returned again in 2024 to target Foxconn’s semiconductor business.
Moreover, these attacks follow a clear and deliberate logic. Breaching Foxconn is far easier than breaching Apple or Nvidia directly. Yet the data reward is easily comparable, because Foxconn holds sensitive project files for all of them.
One attack on the manufacturer consequently reaches dozens of the world’s most valuable technology companies at once.
What Every Tech Company Must Do Now
Overall, the Foxconn attack reveals a fundamental weakness in big tech’s approach to supply chain security. Major brands outsource manufacturing and then trust contract producers to manage their own cybersecurity.
In response to this attack, security researchers urge Foxconn’s clients to audit and restrict supplier access immediately. They also recommend deploying anti-ransomware controls that catch data exfiltration in real time.
Most importantly, researchers warn against paying Nitrogen’s ransom. The decryptor does not work. Ultimately, until global tech stops concentrating production inside a handful of giant contract manufacturers, those manufacturers will stay the easiest target in the industry.
