Hackers attack Foxconn again, Apple doesn’t seem to be at risk

More than 10 million documents representing 8 terabytes of data have been stolen from the Foxconn network. Confidential projects from AMD, Google and Intel may be revealed, but Apple’s technology appears safe.

Even with Apple’s extensive security measures for pre-production designs, the company’s supply chain partners are often victims of cyberattacks. In December 2025, an Apple assembler in China was targeted by attackers, and the same thing happened to Luxshare in January 2026.

Today, Foxconn became the latest Apple supply chain and assembly partner to suffer a cyberattack. On Tuesday, the company confirmed that its Mount Pleasant, Wisconsin, facility was impacted by the May 2026 attack.

The Nitrogen ransomware group claims to have recovered 8TB of data, or more than 11 million files. “These include files such as confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects,” reads the group’s announcement.

Nitrogen also released a collection of sample files, intended to serve as evidence of the alleged attack. While woozad will not share links to the allegedly stolen files, we analyzed the sample provided by the group to better understand the scope of the attack.

The attackers apparently stole financial documents related to Foxconn’s facilities in Houston, Texas. Documentation relating to Foxconn temperature sensors, integrated circuits, board layouts, etc. was also stolen.

Additionally, the files appear to contain network topology documentation related to AMD, Intel, and Google projects, including files related to server processors, sockets, and other components. The sample set appears to contain files related to Foxconn’s electrical engineering team more than anything else.

It is unclear whether there are any files directly related to existing or future Apple projects. This ultimately isn’t really surprising, given that Foxconn’s Mount Pleasant factory mainly produces TVs and data servers rather than Apple devices.

Based on the sample provided, it does not appear that Nitrogen obtained Apple schematics, documentation relating to Foxconn’s Apple product development teams, or Apple quality control data.

Foxconn’s manufacturing facilities, whether in China, India or elsewhere, are typically protected via an internal VPN. Although the facility network typically encompasses on-site computers, Foxconn factories communicate with each other and with Apple via email.

Because the group has records relating to Foxconn’s Houston, Texas, facility, it is possible that it acquired additional data from facilities other than Wisconsin. In other words, Nitrogen could have obtained Apple designs from a separate Foxconn factory, perhaps via emails or file-sharing servers.

While it’s difficult to determine exactly what was stolen, given that the group reportedly stole 8TB of files, it doesn’t appear that Apple has anything to worry about.

How the Foxconn cyberattack allegedly happened

As the Wisconsin publication notes ATM4Foxconn’s Mount Pleasant facility experienced a network outage in early May 2026 due to a cyberattack. Production was reportedly halted for about a week, but has since resumed.

By The cybersec guruThe facility’s network began experiencing issues on May 1, with Wi-Fi going out at 7:00 a.m. ET and disruptions to the plant’s primary infrastructure occurring at 11:00 a.m. ET. The manufacturing sector appears to have remained affected until May 12, 2026.

“We were told to turn off our computers and never log back in under any circumstances,” an anonymous employee was quoted as saying. “The timecard terminals were dead. We were filling out paper timesheets just to track our hours.”

Analyst Mark Henderson says “the real concern is Google and Intel’s topology specifications.” He explains that these are “architectural maps of active infrastructure” and that attackers could use the data to identify vulnerabilities in data centers around the world.

The ransomware group behind the attack, Nitrogen, has been around since 2023. The group appears to have ties to the BlackHat/ALPHV ransomware and is known for using a double extortion model. This means that it resorts to data encryption and then threatens to leak it.

However, according to Coveware, Nitrogen’s ESXi encryptor has a critical flaw. During encryption, the public key of the files gets corrupted, which means victims cannot receive the decrypted files even if the ransom is paid.

The full extent of the cyberattack targeting Foxconn’s Wisconsin facilities remains to be known. However, judging from the information available, it is unlikely that Apple product designs will surface through the efforts of hackers.