Foxconn said on May 12 that some of its North America plants were hit by a cyberattack and that affected sites are now resuming normal production. The company said its cybersecurity team activated an emergency response immediately and put contingency measures in place to keep production and deliveries running. [1, 2, 3]
Reports earlier said the incident began at Foxconn's Wisconsin site on May 1 and caused major network disruptions that hit Wi-Fi, clock-in systems, work-hour tracking, Active Directory logins and internal workstations. Employees told reporters they were told to stop logging into systems, use paper time records and disconnect phones from factory Wi-Fi. [4, 5, 6]
The same reports said the ransomware group Nitrogen Ransomware claimed on the dark web that it had obtained about 8TB of Foxconn data, or more than 11 million files. Some reports said the alleged material included assembly instructions, data-center architecture diagrams, hardware design blueprints and circuit specs, and claimed links to Apple, Intel, Google, NVIDIA and Dell. Foxconn has not publicly confirmed a ransomware attack or data leak in its statement. [1, 2, 4, 5, 6, 7, 3, 8, 9, 10]
Reports also said production at the affected Wisconsin plant was disrupted from May 5, while the ransomware group was reported to have named Foxconn among its leak-site victims on May 11. Foxconn's Wisconsin site has in recent years been seen as an important base for AI servers, high-performance computing and data-center infrastructure. [4, 5, 6, 11]
Foxconn said the affected factories are back in normal production or are in the process of returning to normal, and it did not detail the scope of the attack or any data exposure. [1, 2, 5, 12, 7, 3, 11, 8, 9, 10]
