Foxconn Confirms Cyberattack: Are Apple’s Secret Project Files in the Wild?
Tada Images / Adobe Stock
Toggle Dark Mode
Following a ransomware group’s claim that it had stolen confidential Apple project files, Apple manufacturing partner Foxconn has admitted that several of its US factories were recently hit by a cyberattack.
Earlier this week, the Nitrogen hacking group posted news of the breach on its data leak site, claiming to have heisted 8 TB of data — including over 11 million files. In addition to allegedly stealing private files related to Apple, the bad actors also claim to have harvested technical drawings and internal project documents connected to other Foxconn partners, including Nvidia, Google, Dell, and Intel.
While Foxconn confirmed the breach on Tuesday, it declined to respond to inquiries by The Register regarding what, if any, customer data had actually been stolen in the attack on its Mount Pleasant facility in Wisconsin.
“Some of Foxconn’s factories in North America suffered a cyberattack,” a Foxconn spokesperson told the publication. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
While Foxconn is one of Apple’s largest assembly partners, Apple is known to take the security of information connected to unreleased products quite seriously. As noted by Mactrast, the Cupertino firm typically shares only the minimum required data for each supplier’s specific manufacturing role. Further, the hackers may not have found much Apple-related data at the Wisconsin plant, which is primarily focused on data center infrastructure and high-performance computing hardware rather than consumer electronics like the iPhone or MacBook.
However, even with Apple’s extensive security measures, this isn’t the first time the company’s supply chain partners have fallen victim to cyberattacks. In December 2025, a Chinese Apple assembly partner was the target of attackers, and Apple partner Luxshare was hit by an attack in January 2026.
AppleInsider reports that it was able to analyze the sample provided by the group to determine the scope of the attack. The sample included financial documents related to Foxconn’s Houston, Texas, facility, as well as documentation related to Foxconn temperature sensors, integrated circuits, board layouts, and more.
The stolen files also appear to include network topology documentation related to AMD, Intel, and Google projects. Those files include information about server processors, sockets, and other components.
Despite the hackers’ claims, the examined files do not appear to include anything directly related to existing or future Apple projects, which seems to confirm that this specific facility is outside of Apple’s immediate assembly loop.
Nitrogen is believed to be an offshoot of leaked Russia-based Conti 2 ransomware code, and is known for utilizing a double-extortion model, first encrypting a target’s data and later threatening to leak it if a ransom is not paid. However, even if Foxconn were to pay a ransom to recover encrypted files, they may be unable to do so. Researchers at Coveware have previously warned that a bug in the group’s ESXi encryptor makes file recovery impossible, even when the ransom is paid.
Foxconn’s Mount Pleasant facility in Wisconsin was hit by a network outage earlier this month, due to a cyberattack. While production at the facility was reportedly interrupted for approximately a week, it has since resumed. The data was likely stolen at that time.
At this point, it is impossible to determine the full scope of the cyberattack and just how much Apple-related information was harvested in the attack. We’ll keep you posted as we learn more.
