Contract electronics manufacturer Foxconn has confirmed to Bleeping Computer that one of its factories in Mexico has fallen victim to cyber criminals. Specifically, a factory located in Tijuana, a critical supply hub for the US, is being extorted by a ransomware gang. The operators behind the Lockbit 2.0 ransomware have claimed responsibility.
According to reports today, the breach of Foxconn Tijuana systems occurred in late May. A post by the Lockbit group indicates that it has given Foxconn approximately a fortnight to comply with its demands, or it will leak "all available data," that it has purloined from Foxconn servers. The demands of the extortioners haven't been disclosed.
As a manufacturing partner to some of the biggest names in tech, Foxconn might hold valuable and sensitive third party data on its systems. This could be a bigger worry for Foxconn than its own proprietary information and records data.
Foxconn has three factories in Mexico, responsible for the production of electronics goods such as LCD TVs, set top boxes and smartphones. Additionally, Tijuana is a distribution hub for stock going to the USA. A statement Bleeping Computer received from Foxconn said that, since the ransomware attack in late May, a cybersecurity team has been executing a recovery plan and operations are "gradually returning to normal." Overall, the attack has had "little impact on the Group's overall operation," assured the statement. All affected clients, suppliers, and affected management team members are being kept up to date with the impacts and fallout from the Lockbit attack. It isn't known whether the Lockbit organization will be enjoying ill-gotten gains from this attack, a ransom payment, or if Foxconn has managed to mitigate the effects independently. Of course no firm would want to telegraph the success of a ransomware group, if it were successful.
This isn't the first brush with a major ransomware attack for Foxconn Mexico. Back in 2020 the contract manufacturer was impacted when its Ciudad Juárez factory computer systems fell victim to DoppelPaymer ransomware. A demand for $34 million in Bitcoin accompanied that breach. Earlier this year the Lockbit gang were reportedly trying to extract tens of millions of dollars from tire giant Bridgestone, after infiltrating its computer systems.
