Nitrogen hacked – A May 2026 ransomware intrusion by the Nitrogen group into Foxconn facilities in North America has produced leaked files that appear to include more than 30 genuine, confidential Apple documents—centered on Apple server component designs, rack specifications,
By the time more sample files surfaced, the story had shifted—from “maybe nothing was taken” to “someone took real, detailed documentation.”
In May 2026, a ransomware group called Nitrogen hacked into Foxconn facilities in North America, a breach first reported on May 12. At the start, the available sample files suggested the attackers did not obtain any Apple documentation.
That changed when additional sample files were provided. The newly available set includes more than 30 confidential Apple documents, and they appear to be genuine. The files carry the hallmarks of real Apple documentation, even though the details and links are not being shared.
The schematics Nitrogen obtained include designs for Apple server components from March 2026 and late 2025. The haul also includes Apple server rack specifications and manuals spanning 2020 through 2023. These schematics were created using Siemens NX, and they match the format and style used by Apple. Inside the documents. dimensions for brackets. components. and spacers are described. along with the chassis design for an internal Apple server.
The most significant file in the sample lays out Apple’s Matterhorn project. It details Apple server configurations that use Intel’s Whitley and Eagle Stream platforms, including specifications of Apple servers as well as their board layout and architecture.
In that file. the high-end Apple servers shown rely on two 32-core Intel Ice Lake CPUs—more commonly known as 3rd Gen Intel Xeon Scalable processors—running at 2.2GHz. The configuration also specifies 24 sticks of 128GB DDR4 RAM and Nvidia T4 GPUs. plus multiple 8TB NVMe drives. among other components.
Nitrogen also acquired confidential Intel documents, including debugging and JTAG processes for the Xeon-focused platforms. Those Intel files cover security layers, board designs, and other aspects of Intel hardware.
Apple Silicon context matters here. Even if these Intel-based server configurations have likely been replaced by more powerful Apple Silicon variants, the collection still provides a rare window into the processing power Apple required as recently as 2023.
Alongside the Matterhorn overview and the schematics, Nitrogen provided four Apple server-related guides and specification documents:
Apple AC Rack Specification
Apple Bulk and Single Packaging Requirements
Apple Matterhorn RoT Mezzanine Information
Apple Server and Storage — Mechanical, Thermal, Industrial, and Packaging Specifications
Three of those documents were written by Apple’s Data Center Hardware and Infrastructure Mechanical Development Leader, Kelly Smith. The fourth document in the sample was written by Clifford Gaw, Apple’s System Hardware Lead.
Taken together. the documents are physical and operational: they detail the physical properties of Apple’s internal server racks. including dimensions and approved colors. the maximum weight those racks can carry. and instructions for airflow maintenance. leveling feet. mounting side panels. safety and stability tests. and more.
But there’s a limit to how much damage this particular batch can do—at least from what’s been shared so far. The files appear useful mainly if someone has an Apple server to work with. or an entire rack full of them. The sample does not include anything tied to the chips powering Apple Silicon-based servers. nor does it contain material that explains the purpose of the servers themselves.
That omission matters because a chassis or bracket plan isn’t the same thing as a pathway to copying the next generation. If Nitrogen actually has additional details covering Apple Silicon servers—motherboard layouts. configurations. and the total number of servers produced—Apple could face bigger problems. Rival AI companies could then potentially copy Apple’s designs or iterate on them.
The risk lands in a wider climate where Apple’s AI momentum is already under scrutiny. Apple’s Siri personal context feature, announced at WWDC 2024, still isn’t here, and compromised server designs won’t help.
Server plans aren’t the only thing Nitrogen reportedly took. The same Foxconn intrusion produced confidential documents tied to AMD, Broadcom, Google, Intel, Hewlett-Packard, Micron, Nvidia, Samsung, and Seagate.
Documents related to Google servers were among the files. So were materials involving a long list of suppliers and hardware-related companies. including Altera. Ampere. Amphenol Power Solutions. Avago. Hilisin. Holy Stone Enterprise. ITG Electronics. Infineon. JCTC. Lotes. Molex. Nexperia. PennEngineering. Puya. Renesas. TA-i Technology. TXC. Walsin. Winbond. and Yageo.
The sample also points to Foxconn’s Cloud Network Technology, a Houston, Texas-based business owned by Foxconn. The files include a shipping label for equipment sent by Hewlett-Packard, among other items.
The Intel and Nvidia documentation inside the batch runs deep. AMD documents include a motherboard design guide for FL1 processors and SP5 sockets. and technical specifications for the MI300X-O Universal Base Board. The Nvidia material includes printed circuit board fabrication specifications and board handling requirements.
Also present are files tied to Nvidia’s HGX Blackwell 8-GPU, HGX H20 8-GPU, and HGX Hopper 8-GPU, along with documents concerning GB NVL 72, GB 200 NVL, and GB 300 NVL72 compute trays. The collection includes a file related to the Nvidia Tesla GH200 module as well.
Hewlett-Packard and Google server documents describe components and server designs. including materials related to an enterprise server called HPE Hoth Tromper. Board designs for that server appear in the sample too. For Google, the GhostFish Fish shelf is detailed in a separate test-related document.
The attackers’ haul extends into memory and storage. Files describe technical specifications of Micron DDR4 SDRAM and Samsung 16GB DDR4 SDRAM modules and their various components. There are also storage device documents, including one covering the mechanical hard drive design for the Seagate Exos 2×18.
Nearly all the documents are in English and appear to be related to Foxconn facilities in North America. The sample also includes PDFs of Foxconn emails in Chinese, though their content remains server-related. Some files contain regulatory compliance information and describe hardware testing procedures.
The boundaries of what was taken are still visible. Nearly everything shared so far is server-focused. with no documents linked to Foxconn’s Guanlan and Zhengzhou facilities—plants that assemble other Apple products such as the iPhone. There is nothing in the sample related to iPad. Mac. or Apple Vision Pro assembly. despite Foxconn’s role in manufacturing those device lines.
That aligns with the reality that North America assembly plants such as the one in Mount Pleasant, Wisconsin, or the one in Houston, Texas, do not assemble Apple products beyond servers.
Still, the full scope of the Foxconn cyberattack remains undetermined. The ransomware group responsible says it stole over 11 million files—allegedly equivalent to eight terabytes.
At least for now, it does not appear the attack will yield significant Apple design leaks. But the tension in the evidence is hard to miss: the sample so far may not be the end of it. If Nitrogen does have deeper Apple Silicon server details. the consequences could broaden quickly—past schematics. and into the architecture rivals would actually want to copy.
Nitrogen ransomware Foxconn hack Apple server schematics Matterhorn project Siemens NX Apple AC Rack Specification Apple Server and Storage specifications Intel Ice Lake Xeon Nvidia T4 Apple Silicon risk