Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Foxconn was hit by a ransomware attack that temporarily disrupted its production facilities in Mexico and resulted in the theft of data. The attack reportedly occurred over Thanksgiving weekend and was carried out by the DoppelPaymer group. The target was the Foxconn factory in Juarez, Chihuahua. About 1,200 servers were infected, 100GB of unencrypted files were stolen, and 20TB to 30TB of backup data were deleted. The DoppelPaymer group reportedly demanded a ransom of 1804.0955 Bitcoin (approximately 220 million yuan) in exchange for an encryption key and a promise not to publish the stolen data. Foxconn did not pay, and at least part of the data has been published on the dark web.

Foxconn responded that its factories in the Americas had indeed been attacked by ransomware recently. It said its internal information security team had completed software and operating system security updates and raised the level of information security protection, and that the affected factories were restoring their networks, with little impact on the group's overall operations.

Attack method (per SlowMist): Ransomware. Reported loss: -.
- chain: bitcoin
- protocol: Foxconn
- bug_class: unknown
- date_occurred: 2020-12-08
- loss_usd: —
- source_id: sm:foxconn::2020-12-08