DMZ//THREAT INTEL
HIGH #ransomware

Nitrogen Ransomware Hits Foxconn North America; 8TB of Client IP Including Apple, Nvidia, Google Schematics Exfiltrated

The Nitrogen ransomware group posted Foxconn on its dark web leak site on May 11 and Foxconn confirmed the breach on May 12, acknowledging cyberattacks at its facilities in Mount Pleasant, Wisconsin and Houston, Texas that caused roughly 11 days of production disruption. Nitrogen claims to have exfiltrated more than 8TB across 11 million+ files including confidential technical drawings, circuit board layouts, and project documentation tied to Apple, Nvidia, Google, Intel, Dell, and AMD; AppleInsider subsequently confirmed over 30 genuine Apple server schematics from 2025–2026 in the sample set. Nitrogen is believed to be a Conti 2 code offshoot, and researchers at Coveware have flagged a bug in its ESXi encryptor that may make recovery impossible even for paying victims.

This intelligence brief has been compiled from open-source reporting and corroborated across multiple threat intelligence sources. Defenders should treat the high severity rating as a guide to prioritization within their environment.
