Major Electronics Manufacturer Hit by Nitrogen Ransomware
Electronics manufacturing giant Foxconn confirmed Monday that ransomware hackers breached its North American facilities, potentially exposing confidential data from major tech clients including Apple, Google, and NVIDIA. According to TechCrunch, the Nitrogen ransomware group claimed responsibility for stealing over 11 million files containing customer information and product schematics.
The attack affected Foxconn’s North American factories, though the company stated in media reports that “affected factories are currently resuming normal production.” Nitrogen published proof-of-concept images showing what appear to be product schematics, internal guidelines, and bank statements on its dark web leak site.
Canvas Platform Disrupts Thousands of Schools
Education technology company Instructure faced a separate ransomware crisis when the ShinyHunters group breached its widely-used Canvas learning platform. According to Wired, the attack forced Canvas into maintenance mode on Thursday, disrupting operations at over 8,800 schools during critical finals periods.
Harvard, Columbia, Rutgers, and Georgetown sent emergency alerts to students about the outage. The breach, which ShinyHunters had advertised since May 1, exposed student names, email addresses, ID numbers, and platform messages. Instructure’s Chief Information Security Officer Steve Proud confirmed the incident affected “users at affected institutions” but marked the situation as resolved by Wednesday.
Healthcare and Security Firms Under Siege
Pennsylvania pharmaceutical giant West Pharmaceutical Services disclosed a ransomware attack that occurred May 4, prompting company-wide system shutdowns. SecurityWeek reported that attackers exfiltrated data before deploying file-encrypting malware, forcing the company to retain Palo Alto Networks’ Unit 42 incident response team.
The company told the SEC that “core enterprise systems” have been restored and critical shipping and manufacturing processes restarted at some sites, though complete restoration timelines remain unclear. West Pharmaceutical indicated it has “taken steps intended to mitigate the risk of dissemination of the exfiltrated data,” suggesting potential ransom negotiations.
Cybersecurity firm Trellix also confirmed a breach of its source code repository. According to SecurityWeek, the RansomHouse group claimed responsibility and published screenshots showing access to internal services and management dashboards. Trellix stated it found “no evidence that our source code release or distribution process was affected.”
Supply Chain Attacks Target Security Tools
Checkmarx warned users Friday that attackers published a malicious version of its Jenkins AST plugin to the official Jenkins Marketplace. SecurityWeek reported this incident stems from an ongoing supply chain attack that began in March when the TeamPCP hacker group accessed Checkmarx repositories through the compromised Trivy tool.
The attack escalated in April when the Lapsus$ extortion group publicly released data allegedly stolen from Checkmarx’s GitHub repositories. Users should verify they’re running plugin version 2.0.13-829.vc72453fa1c16 or newer. Checkmarx released updated version 2.0.13-848.v76e89de8a053 over the weekend, now available on both GitHub and the Jenkins Marketplace.
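The version check above can be run across a fleet of Jenkins controllers. The script below is an added example, not code from Checkmarx or Jenkins. It assumes the plugin ID is `checkmarx-ast-scanner` (confirm it in your own plugin manager) and reads a constructed inventory of `<controller> <plugin-id> <version>` lines.

```python
import re

# Minimum version stated in the article.
MIN_SAFE = "2.0.13-829.vc72453fa1c16"
# Assumed plugin ID; confirm against your own Jenkins plugin manager.
PLUGIN_ID = "checkmarx-ast-scanner"

# Base version, optionally followed by "-<revision>.v<commit hash>".
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(\d+)\.v([0-9a-f]+))?$")

def parse_version(text):
    """Return ((major, minor, ...), revision), or None if the format is unknown."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    base = tuple(int(p) for p in m.group(1).split("."))
    revision = int(m.group(2)) if m.group(2) else 0
    return base, revision

def audit(inventory, plugin_id=PLUGIN_ID, minimum=MIN_SAFE):
    """Classify each controller's installed version of plugin_id."""
    floor = parse_version(minimum)
    findings = {}
    for line in inventory.strip().splitlines():
        controller, name, version = line.split()
        if name != plugin_id:
            continue
        parsed = parse_version(version)
        if parsed is None:
            findings[controller] = "review"    # unknown format: check by hand
        elif parsed < floor:
            findings[controller] = "outdated"  # below the stated minimum
        else:
            findings[controller] = "ok"
    return findings

# Constructed sample inventory, not real data.
SAMPLE = """
ci-east checkmarx-ast-scanner 2.0.13-848.v76e89de8a053
ci-west checkmarx-ast-scanner 2.0.13-801.v0123456789ab
ci-lab checkmarx-ast-scanner 2.0.9
ci-dev checkmarx-ast-scanner 2.0.13-SNAPSHOT
ci-east git 5.2.1
"""

if __name__ == "__main__":
    for controller, status in audit(SAMPLE).items():
        print(f"{controller}: {status}")
```

The comparison uses only the base version and revision count, and a version string it cannot parse is reported as `review` instead of being treated as safe.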
This supply chain campaign has impacted multiple cybersecurity vendors including Aqua Security and Bitwarden, with security researchers noting potential connections between TeamPCP and established ransomware groups.
Double Extortion Tactics Evolve
The recent attacks demonstrate ransomware groups’ increasing sophistication in double-extortion tactics. Nitrogen, RansomHouse, and ShinyHunters all steal data before encryption, creating dual pressure points for ransom demands. These groups maintain dark web leak sites listing hundreds of victims, with RansomHouse alone claiming over 170 organizations.
The Foxconn breach particularly highlights supply chain risks, as the manufacturer produces components for virtually every major technology company. The stolen files allegedly include confidential information from Apple, Dell, Google, Intel, and NVIDIA partnerships.
Education remains a prime target, with the Canvas incident affecting institutions across at least a dozen states during critical academic periods. The timing amplified impact as students faced disrupted access to assignments, grades, and communication tools during finals week.
What This Means
These coordinated attacks signal a dangerous escalation in ransomware sophistication and target selection. The simultaneous targeting of critical infrastructure (Foxconn), education platforms (Canvas), healthcare (West Pharmaceutical), and security tools (Trellix, Checkmarx) suggests coordinated campaigns designed to maximize disruption and ransom leverage.
The supply chain focus is particularly concerning. When attackers compromise tools like Jenkins plugins or manufacturing partners like Foxconn, they gain access to downstream victims across entire industries. Organizations must reassess third-party risk management and implement zero-trust architectures that assume compromise.
For education institutions, the Canvas incident exposes dangerous over-reliance on single platforms for critical operations. Schools need backup systems and incident response plans that account for extended vendor outages during high-stakes periods like finals.
FAQ
How many organizations were affected by these recent ransomware attacks?
The Canvas breach alone affected over 8,800 schools according to ShinyHunters’ claims, while Foxconn’s compromise potentially impacts every major technology company that relies on their manufacturing services. The exact scope continues expanding as investigations proceed.
What data was stolen in the Foxconn attack?
Nitrogen claims to have stolen 11 million files including confidential customer information, product schematics, internal guidelines, and financial documents from Apple, Google, NVIDIA, Dell, Intel, and other major tech partners.
Should organizations pay ransomware demands?
Security experts and law enforcement agencies consistently advise against paying ransoms, as it funds criminal operations and provides no guarantee of data recovery. West Pharmaceutical’s apparent negotiations highlight the difficult decisions organizations face when critical operations are disrupted.
Sources
- West Pharmaceutical Services Hit by Disruptive Ransomware Attack – SecurityWeek
- Ransomware Group Takes Credit for Trellix Hack – SecurityWeek
- Ransomware hackers claim breach at Foxconn, a major electronics manufacturer for Apple, Google, and Nvidia – TechCrunch
- The Canvas Hack Is a New Kind of Ransomware Debacle – Wired
- Checkmarx Jenkins AST Plugin Compromised in Supply Chain Attack – SecurityWeek






