Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Ransomware group He tries to blackmail an electronics manufacturing giant Foxconnclaiming he stole 8 terabytes of data from the company, including blueprints and project details from clients including Dale, Google, appleand Nvidia. Foxconn did not immediately respond to WIRED’s request for comment on the veracity of the allegations, but the company acknowledged that some of its North American factories “were subject to a cyberattack” in recent days, and that “affected factories are currently resuming normal production” following the outage.
Foxconn is the type of target that is particularly attractive to ransomware and data extortion actors, because it is a huge company with divisions and subsidiaries around the world that own not only its intellectual property rights, but also those of its customers. Company is key Manufacturing contractor For electronic Elements Or entire devices, incl iPhone phones from Apple.
“Ransomware groups are increasingly targeting victims who can impact the supply chain, whether physical or software,” says Alan Liska, a threat intelligence analyst at security firm Recorded Future. “So it is not surprising that a company like Foxconn would be targeted because it manufactures and holds sensitive data for many companies around the world.”
The attackers, known as the Nitrogen Group, included Foxconn in its hack site on Monday. Nitrogen, which emerged in 2023, is not one of the most well-known or prolific ransomware actors, but has been steadily active with some spikes, including at the end of 2024. The group also has connections to the notorious network. ALPHV/Black Cat Ransomware group.
The idea of Foxconn as a prime target is not just conceptual. The company has faced a number of extortion attempts, including a December 2020 attack In a Mexican facility where the DoppelPaymer Ransomware group demanded an unforgettable sum of 1,804 Bitcoins (worth approximately $34 million at the time). The LockBit group hit another Foxconn facility in Mexico In May 2022 Production was disrupted. Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology in 2024 due to deformities and data breach claims.
In addition to attempting to blackmail victims by threatening to release data stolen in the attack, Nitrogen also often deploys traditional ransomware that encrypts the target’s systems. The group’s ransomware itself is based on widely reused “Conti 2” code, but it has a problem, researchers say. Its nitrogen coding mechanism Design flaw This makes it impossible to decrypt data once it has been encrypted, even if attackers wanted to free the victim’s systems. It is not clear whether this was a factor in Foxconn’s response to the incident this week.
Ransomware and data extortion are an inherent digital security problem, and attackers are regularly replicating targets and stooping to new lows in carrying out large-scale disruptive attacks. Just last week, thousands of schools across the United States were paralyzed amid final exams and other end-of-year activities when an education technology company… Instructure has closed access to its Canvas platform After the violation committed by the extortionists.