Foxconn confirms ransomware attack disrupted operations at Mexico factory

Smartphone manufacturing giant Foxconn has confirmed that a ransomware attack in late May disrupted operations at one of its Mexico-based production plants.

“It is confirmed that one of our factories in Mexico experienced a ransomware cyberattack in late May,” Jimmy Huang, a Foxconn spokesperson, told TechCrunch. “The company’s cybersecurity team has been carrying out the recovery plan accordingly.”

The affected production plant is Foxconn Baja California, located in the city of Tijuana at the border with California, which specializes in the production of medical devices, consumer electronics and industrial operations. The company told TechCrunch that while operations at the plant were disrupted as a result of the ransomware attack, the factory is “gradually returning to normal.”

“The disruption caused to business operations will be handled through production capacity adjustment,” Huang added. “The cybersecurity attack is estimated to have little impact on the Group’s overall operations. Relevant information about the incident is also provided instantly to our management, clients and suppliers.” 

Foxconn declined to say whether any data was accessed as a result of the attack, nor did it provide any information on who was responsible. However, the operators of LockBit — a prominent ransomware-as-a-service (RaaS) operation — have claimed responsibility for the May 31 attack and are threatening to leak data stolen from Foxconn unless a ransom is paid by June 11. LockBit’s demands remain unknown, and Foxconn refused to comment on whether it had paid the ransom demand.

Cybersecurity firm Mandiant said in an analysis on Thursday that Russia-based Evil Corp, a notorious hacking group that was sanctioned by the U.S. Treasury’s Office of Foreign Assets Control in December 2019, had been using LockBit in a bid to blend in with other affiliates. It remains unclear whether the Foxconn attack is linked to the sanctioned hacking group, which developed and distributed the Dridex malware. 

This isn’t the first time that Foxconn has been hit by ransomware. In December 2020, the company said that some of its systems based in the U.S. had been attacked by the operators of the DoppelPaymer ransomware who demanded a payment of $34 million in bitcoin.