Foxconn Ransomware Attack Shows Nothing Is Safe Forever

A ransomware group is attempting to extort the electronics manufacturing elephantine Foxconn, claiming that it stole 8 TB of information from the company, including schematics and task details from customers including Dell, Google, Apple, and Nvidia. Foxconn did not instantly respond to WIRED's petition for remark astir the validity of the claims, but the institution did admit that immoderate of its North American factories “suffered a cyberattack” successful caller days, and that "affected factories are presently resuming mean production” aft outages.

Foxconn is the benignant of people that is peculiarly appealing to ransomware and information extortion actors, due to the fact that it is simply a monolithic institution with divisions and subsidiaries astir the satellite that not lone clasp its ain intelligence property, but that of its customers. The institution is simply a cardinal manufacturing contractor for physics components oregon full devices, including Apple's iPhones.

“Ransomware groups are progressively targeting victims that tin interaction the proviso chain, whether it is carnal oregon software,” says Allan Liska, a menace quality expert astatine information steadfast Recorded Future. “So it’s unsurprising that a institution similar Foxconn would beryllium targeted since it does manufacturing and holds delicate information for truthful galore companies astir the world.”

The attackers, known arsenic the Nitrogen group, listed Foxconn connected its breach tract connected Monday. Nitrogen, which emerged successful 2023, is not the astir high-profile oregon prolific ransomware actor, but it has been steadily progressive with immoderate spikes, including astatine the extremity of 2024. The radical besides has connections to the notorious ALPHV/BlackCat ransomware group.

The thought of Foxconn arsenic a premier people is not conscionable conceptual. The institution has faced a fig of extortion attempts, including a December 2020 onslaught connected a Mexican installation successful which the DoppelPaymer ransomware radical memorably demanded 1,804 Bitcoin (worth astir $34 cardinal astatine the time). The LockBit radical deed different Foxconn installation successful Mexico successful May 2022 and disrupted production. Most recently, LockBit attacked a subsidiary called Foxsemicon Integrated Technology successful 2024 with defacements and information breach claims.

In summation to attempting to extort victims by threatening to merchandise information stolen successful an attack, Nitrogen besides often deploys accepted ransomware that encrypts a target's systems. Researchers accidental that the group's ransomware programme itself was built disconnected of wide repurposed “Conti 2” code, but has a problem. Nitrogen's encrypting mechanics has a plan flaw that makes it intolerable to decrypt information erstwhile it has been encrypted—even if the attackers privation to merchandise a victim's systems. It is unclear if this is simply a origin successful Foxconn's incidental effect this week.

Ransomware and information extortion is an inveterate integer information problem, and attackers regularly repetition targets and stoop to caller lows successful carrying retired ample standard disruptive attacks. Just past week, thousands of schools astir the US were paralyzed amid finals and different year-end activities erstwhile the acquisition tech steadfast Instructure unopen down entree to its Canvas level pursuing a breach perpetrated by extortion actors.