Cyberattack: First they come for Foxconn, then they come for you

Cyberattack: First they come for Foxconn, then they come for you

5gDedicated
Yanac

Apple’s key manufacturing partner Foxconn has confirmed its US factories suffered a ransomware attack in recent days after the gang responsible claimed to have stolen 8TB of data from the company — including confidential Apple information.

This isn’t the first attack to hit Foxconn, and such is the scale and value of the company that it is unlikely to be the last. Criminals understand the value of the information it has and see it as a prime target. That it is an industrial company actively deploying smart factory infrastructure across its premises just makes it an even more interesting challenge; what happens if the machinery itself is attacked?

Industrial defenses have improved; so have attacks

In practice, most large industrial facilities are moving to secure their own internal factory networks using technologies such as SD-WAN, private 5G networks, network segregation, isolation of production environments from the corporate network, and active monitoring against threats to factory machinery. All the same, attackers always hope that complex, well-planned combination exploits will find some way into even those most private and secure portions of corporate systems.

What happened at Foxconn

In this particular case, it doesn’t look as if the attack was made against connected industrial equipment at Foxconn. Wired reports a little of the events that took place:

The attack was identified on May 1.

Foxconn’s network collapsed.

Wi-Fi failed first, then the disruption extended to core plant infrastructure.

As the attack unfurled, workers were told to switch off their computers.

They were also instructed not to log back in under any circumstances.

There were previous attacks on other Foxconn facilities and subsidiaries, suggesting regular assaults on the company.

The attackers claim to have stolen key confidential data belonging to Foxconn clients, though sample files published by them don’t seem to include any Apple-related materials.

While it is easy to get lost in the shock value of what seems to be a successful attack against an Apple supplier, the underlying story should be a warning to every company as it highlights the febrile nature of the current threat environment.

The data is clear: factories are targets now

Recent security analyses have confirmed that attacks against the manufacturing sector are particularly severe. The IBM X-Force Threat Intelligence Index 2025 described manufacturing as the most targeted industry across four successive years. Dragos claims 70% of ransomware attacks have affected the sector, and the ENISA Threat Landscape raises similar alarms.

Attackers are highly focused on this sector for many reasons. They see the money potential of ransomware attacks and the reality that industrial operations can’t afford downtime, which means they become more likely to pay their way out of trouble. (That’s not to imply Foxconn has done so, but is more of a general observation.)

Attackers also recognize the fragmented nature of industrial cybersecurity as the industry goes through rapid digital transformation, leaving overall security only as strong as its weakest partner or parts.

Attacks are evolving quickly

It isn’t likely that the threat window will close any time soon. Paul Smith, director of Honeywell Operational Technology (OT) Cybersecurity Engineering warns, “Attackers are evolving fast, leveraging ransomware-as-a-service kits to compromise the industrial operations that keep our economy moving.”  

With new breed AI-augmented attacks expected to increase in volume and capacity in the coming years, the entire sector needs to put the strongest possible mitigations in place now. The continued evolution of nation state-adjacent attackers, likely equipped some day with access to quantum computers to power their exploits, is a real threat to industry and national infrastructure.

Put it all together and the recent attack against Foxconn is less of a story about Apple security and more a klaxon to everyone in the sector that the intensity and proficiency of these attacks is accelerating.

Plan for impact, not perfection

This also means larger entities such as Apple will probably need to introduce and/or enhance their mandatory supplier security guidelines to ensure supply chains have sufficient protection in place against such exploits — and the recognition that even when they do, successful attacks will still take place. 

Foxconn clearly had its own mitigation strategy, as it put this into effect the moment the attack took place then moved to threat analysis and dispatched mitigation teams. But even smaller operators should already know what they will do when attacked. Has your business got plans in place for this? Because the moral of today’s tale is that you should develop them immediately.

First they come for Foxconn. Then, they come for you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.Cyberattack: First they come for Foxconn, then they come for you – ComputerworldRead More