Apple supply chain partner Foxconn suffered a cyberattack at its Wisconsin facility.
More than 10 million documents spanning 8 terabytes of data were reportedly stolen from Foxconn’s network. Confidential AMD, Google, and Intel projects are at risk of exposure, but Apple’s tech appears to be safe.
Even with Apple’s extensive security measures for pre-production designs, the company’s supply chain partners often fall victim to cyberattacks. In December 2025, an Apple assembler in China was targeted by attackers, with the same thing happening to Luxshare in January 2026.
Now, Foxconn has become the latest Apple supply chain and assembly partner to suffer a cyberattack. On Tuesday, the company confirmed its facility in Mount Pleasant, Wisconsin, had been impacted by the attack in May 2026.
Ransomware group Nitrogen claims to have taken 8TB of data, or over 11 million files. “These include files such as confidential instructions, projects, and drawings from Intel, Apple, Google, Dell, Nvidia, and many other projects,” reads the group’s announcement.
Nitrogen also posted a collection of sample files, meant to serve as proof of the alleged attack. While AppleInsider won’t share links to the allegedly stolen files, we did analyze the sample provided by the group to gain a better understanding of the scope of the attack.
The attackers seemingly stole financial documents related to Foxconn’s Houston, Texas, facility. Also stolen was documentation related to Foxconn temperature sensors, integrated circuits, board layouts, and more.
Additionally, the files appear to contain network topology documentation related to AMD, Intel, and Google projects, including files related to server processors, sockets, and other components. The sample set seems to contain files related to Foxconn’s electrical engineering team more than anything else.
It’s not clear if there are any files directly related to existing or future Apple projects. This ultimately doesn’t serve as much of a surprise, given that Foxconn’s Mount Pleasant facility primarily produces televisions and data servers rather than Apple devices.
Based on the sample provided, it does not look like Nitrogen obtained any Apple schematics, documentation related to Foxconn’s Apple product development teams, or Apple quality control data.
Foxconn’s manufacturing facilities, be they in China, India, or elsewhere, are typically protected via an internal VPN. While the facility network typically encompasses on-site computers, Foxconn plants do communicate with one another and with Apple via email.
As the group has documents related to Foxconn’s Houston, Texas, facility, they may have acquired additional data from facilities beyond the one in Wisconsin. In other words, Nitrogen might have obtained Apple designs from a separate Foxconn factory, maybe through emails or file-sharing servers.
While it’s difficult to ascertain exactly what was taken, given the group allegedly stole 8TB worth of files, it does not look like Apple has much to worry about.
How the Foxconn cyberattack allegedly happened
As noted by the Wisconsin publication TMJ4, Foxconn’s Mount Pleasant facility experienced a network outage in early May 2026 because of a cyberattack. Production was allegedly interrupted for around a week, but has since resumed.
Per The Cybersec Guru, the facility’s network began experiencing issues on May 1, with Wi-Fi being cut off at 7 AM ET, and disruptions to the core plant infrastructure occurring by 11 AM ET. Manufacturing seemingly remained affected until May 12, 2026.
“We were told to turn off our computers and not log back in under any circumstances,” allegedly said an unnamed worker. “The timecard terminals were dead. We were filling out paper timesheets just to track our hours.”
Analyst Mark Henderson claims that “the topology specs for Google and Intel are the real concern.” He explains that these are “architectural maps of live infrastructure,” and that attackers could use the data to identify vulnerabilities in data centers across the world.
The ransomware group behind the attack, Nitrogen, has been around since 2023. The group seems to have ties to the BlackHat/ALPHV ransomware and is known for utilizing a double-extortion model. This means it resorts to encrypting data and later threatening to leak it.
However, according to Coveware, Nitrogen’s ESXi encryptor has a critical flaw. During encryption, the files’ public key gets corrupted, meaning that victims are unable to receive decrypted files even if the ransom is paid.
The full scope of the cyberattack targeting Foxconn’s Wisconsin facility remains to be seen. Judging by the available information, however, it’s unlikely we’ll see Apple’s product designs surface as a result of the hackers’ efforts.
This story originally appeared on Appleinsider
