Security Experts:

Foxconn Says Systems in U.S. Targeted in Cyberattack

Electronics manufacturing giant Foxconn has confirmed that some of its systems have been targeted in a cyberattack, after a group of hackers started leaking files allegedly stolen from the company.

A cybercriminal gang that targets organizations using the DoppelPaymer (DopplePaymer) ransomware claimed on December 6 on a website where it posts data stolen from victims that it breached Foxconn.

The attackers have already leaked a handful of files, including a PowerPoint presentation, a Word document, and a couple of PDF files. The leaked files do not appear to contain any sensitive information.

Files allegedly stolen by hackers from Foxconn

“We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29,” Foxconn Technology Group told SecurityWeek in an emailed statement.

“We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal action and to identify those responsible and bring them to justice,” the company added. “The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases.”

Bleeping Computer, which was the first to report on the incident, learned from sources that the hackers demanded a payment of roughly $34 million in bitcoin from Foxconn. The cybercriminals claimed to have stolen roughly 100 GB of files and their ransomware allegedly encrypted files on approximately 1,200 servers. They also said they deleted between 20 and 30 TB of backups.

Bleeping Computer reported that the attackers claimed to have hit a facility in Ciudad Juárez, Mexico, but Foxconn said the targeted systems were in the United States. SecurityWeek has reached out to Foxconn for further clarifications.

Cybercrime intelligence company Hudson Rock claims to have identified a Foxconn employee who had their device compromised as part of a global malware campaign. The employee in question allegedly had login credentials for the company’s VPN and internal network.

The DoppelPaymer gang recently also targeted Banijay, one of the world’s largest media production and distribution companies.

The DoppelPaymer ransomware emerged in the summer of 2019 and in February 2020 its operators launched a leak website where they have been publishing data stolen from victims that refuse to pay the ransom.

The leak website currently shows over 100 alleged victims, including Mexican state-owned oil company Petróleos Mexicanos (Pemex). The DoppelPaymer group is also believed to be behind the recent attack on a German hospital that led to a delay in treatment, resulting in a person’s death.

Related: University Project Tracks Ransomware Attacks on Critical Infrastructure

Related: DopplePaymer Ransomware Spreads via Compromised Credentials: Microsoft

Related: Hackers Demand $11 Million From Capcom After Ransomware Attack

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.