Connect with us

Hi, what are you looking for?



Foxconn Says Systems in U.S. Targeted in Cyberattack

Electronics manufacturing giant Foxconn has confirmed that some of its systems have been targeted in a cyberattack, after a group of hackers started leaking files allegedly stolen from the company.

Electronics manufacturing giant Foxconn has confirmed that some of its systems have been targeted in a cyberattack, after a group of hackers started leaking files allegedly stolen from the company.

A cybercriminal gang that targets organizations using the DoppelPaymer (DopplePaymer) ransomware claimed on December 6 on a website where it posts data stolen from victims that it breached Foxconn.

The attackers have already leaked a handful of files, including a PowerPoint presentation, a Word document, and a couple of PDF files. The leaked files do not appear to contain any sensitive information.

Files allegedly stolen by hackers from Foxconn

“We can confirm that an information system in the US that supports some of our operations in the Americas was the focus of a cybersecurity attack on November 29,” Foxconn Technology Group told SecurityWeek in an emailed statement.

“We are working with technical experts and law enforcement agencies to carry out an investigation to determine the full impact of this illegal action and to identify those responsible and bring them to justice,” the company added. “The system that was affected by this incident is being thoroughly inspected and being brought back into service in phases.”

Bleeping Computer, which was the first to report on the incident, learned from sources that the hackers demanded a payment of roughly $34 million in bitcoin from Foxconn. The cybercriminals claimed to have stolen roughly 100 GB of files and their ransomware allegedly encrypted files on approximately 1,200 servers. They also said they deleted between 20 and 30 TB of backups.

Bleeping Computer reported that the attackers claimed to have hit a facility in Ciudad Juárez, Mexico, but Foxconn said the targeted systems were in the United States. SecurityWeek has reached out to Foxconn for further clarifications.

Advertisement. Scroll to continue reading.

Cybercrime intelligence company Hudson Rock claims to have identified a Foxconn employee who had their device compromised as part of a global malware campaign. The employee in question allegedly had login credentials for the company’s VPN and internal network.

The DoppelPaymer gang recently also targeted Banijay, one of the world’s largest media production and distribution companies.

The DoppelPaymer ransomware emerged in the summer of 2019 and in February 2020 its operators launched a leak website where they have been publishing data stolen from victims that refuse to pay the ransom.

The leak website currently shows over 100 alleged victims, including Mexican state-owned oil company Petróleos Mexicanos (Pemex). The DoppelPaymer group is also believed to be behind the recent attack on a German hospital that led to a delay in treatment, resulting in a person’s death.

Related: University Project Tracks Ransomware Attacks on Critical Infrastructure

Related: DopplePaymer Ransomware Spreads via Compromised Credentials: Microsoft

Related: Hackers Demand $11 Million From Capcom After Ransomware Attack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...