Lily Hay Newman Security May 12, 2026 5:52 PM Foxconn Ransomware Attack Shows Nothing Is Safe Forever Famous for helping build Apple's iPhones, Foxconn just suffered another cyberattack, highlighting the perils of warehousing some of the world's most valuable data. Photograph: Taylor Glascock/Getty Images Save this story Save this story A ransomware group is attempting to extort the electronics manufacturing giant Foxconn , claiming that it stole 8 TB of data from the company, including schematics and project details from customers including Dell , Google , Apple , and Nvidia . Foxconn did not immediately respond to WIRED's request for comment about the validity of the claims, but the company did acknowledge that some of its North American factories “suffered a cyberattack” in recent days, and that "affected factories are currently resuming normal production” after outages. Foxconn is the type of target that is particularly appealing to ransomware and data extortion actors, because it is a massive company with divisions and subsidiaries around the world that not only hold its own intellectual property, but that of its customers. The company is a key manufacturing contractor for electronic components or entire devices, including Apple's iPhones . “Ransomware groups are increasingly targeting victims that can impact the supply chain, whether it is physical or software,” says Allan Liska, a threat intelligence analyst at security firm Recorded Future. “So it’s unsurprising that a company like Foxconn would be targeted since it does manufacturing and holds sensitive data for so many companies around the world.” The attackers, known as the Nitrogen group, listed Foxconn on its breach site on Monday. Nitrogen, which emerged in 2023, is not the most high-profile or prolific ransomware actor, but it has been steadily active with some spikes, including at the end of 2024. The group also has connections to the notorious ALPHV/BlackCat ransomware group. The idea of Foxconn as a prime target is not just conceptual. The company has faced a number of extortion attempts, including a December 2020 attack on a Mexican facility in which the DoppelPaymer ransomware group memorably demanded 1,804 Bitcoin (worth roughly $34 million at the time). The LockBit group hit another Foxconn facility in Mexico in May 2022 and disrupted production. Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 with defacements and data breach claims. In addition to attempting to extort victims by threatening to release data stolen in an attack, Nitrogen also often deploys traditional ransomware that encrypts a target's systems. Researchers say that the group's ransomware program itself was built off of widely repurposed “Conti 2” code, but has a problem. Nitrogen's encrypting mechanism has a design flaw that makes it impossible to decrypt data once it has been encrypted—even if the attackers want to release a victim's systems. It is unclear if this is a factor in Foxconn's incident response this week. Ransomware and data extortion is an inveterate digital security problem, and attackers regularly repeat targets and stoop to new lows in carrying out large scale disruptive attacks. Just last week, thousands of schools around the US were paralyzed amid finals and other year-end activities when the education tech firm Instructure shut down access to its Canvas platform following a breach perpetrated by extortion actors. Comments Back to top You Might Also Like In your inbox: Will Knight's AI Lab explores advances in AI Data centers could emit more greenhouse gases than entire nations Big Story: The secrets of Madison Square Garden’s surveillance machine A startup says it grew human sperm in a lab —and used it to make embryos Take our survey: What does “home” mean to you? Lily Hay Newman is a senior writer at WIRED focused on information security, digital privacy, and hacking. She previously worked as a technology reporter at Slate, and was the staff writer for Future Tense, a publication and partnership between Slate, the New America Foundation, and Arizona State University. Her work ... Read More Senior Writer Topics apple Google NVIDIA ransomware cybersecurity cyberattacks security hacking malware Read More The Canvas Hack Is a New Kind of Ransomware Debacle Thousands of schools around the US were paralyzed on Thursday after education tech firm Instructure shut down access to its Canvas platform following a breach by hackers going by the name ShinyHunters. Lily Hay Newman AI Tools Are Helping Mediocre North Korean Hackers Steal Millions One group of hackers used AI for everything from vibe coding their malware to creating fake company websites—and stole as much as $12 million in three months. Matt Burgess Hackable Robot Lawn Mower Unlocks a New Nightmare Plus: Meta officially kills encrypted Instagram DMs, the Trump administration targets “violent left wing extremists,” leaked documents reveal Russia's school for elite hackers, and more. Maddy Varner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Plus: Spy firms tap into a global telecom weakness to track targets, 500,000 UK health records go up for sale on Alibaba, Apple patches a revealing notification bug, and more. Matt Burgess Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005—and likely deployed by the US or an ally. Andy Greenberg Dangerous New Linux Exploit Gives Attackers Root Access to Countless Computers The exploit, dubbed CopyFail and tracked as CVE-2026-31431, allows hackers to take over PCs and data center servers. The Linux vulnerabilities have been patched—but many machines remain at risk. Dan Goodin, Ars Technica It Takes 2 Minutes to Hack the EU’s New Age-Verification App Plus: Major data breaches at a gym chain and hotel giant, a disruptive DDoS attack against Bluesky, dubious ICE hires, and more. Andrew Couts Thousands of Vibe-Coded Apps Expose Corporate and Personal Data on the Open Web Companies like Lovable, Base44, Replit, and Netlify use AI to let anyone build a web app in seconds—and in thousands of cases, spill highly sensitive data onto the public internet. Andy Greenberg 90,000 Screenshots of One Celebrity's Phone Were Exposed Online Spyware appears to have captured everything from intimate photos to private messages from the smartphone of European celebrity. They were publicly accessible until a researcher flagged the exposure. Matt Burgess In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy OpenAI says its safeguards “sufficiently reduce cyber risk” for now, while GPT-5.4-Cyber is a new cybersecurity-focused model. Lily Hay Newman Hackers Hate AI Slop Even More Than You Do It's not just you. Scammers, hackers, and other cybercriminals are complaining about “AI shit” flooding platforms where they discuss cyberattacks and other illegal activity. Matt Burgess OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks. Lily Hay Newman