Advantest Hit by Ransomware Attack, Disrupting Chip Testing
▼ Summary
– Advantest, a major Japanese semiconductor testing equipment manufacturer, confirmed a ransomware attack after detecting unusual IT activity on February 15, 2026.
– The company responded by isolating affected systems and engaging cybersecurity experts, with the ongoing investigation yet to determine if customer or employee data was compromised.
– The manufacturing sector is a prime target for ransomware, with over 3,300 industrial organizations, mostly manufacturers, hit by 119 groups in the past year.
– In 2025, manufacturing was targeted by 99 distinct ransomware groups, with Akira, Qilin, and Play being the most prominent, often using double extortion tactics.
– The semiconductor industry also faces threats from state-backed actors seeking to steal intellectual property like proprietary designs and manufacturing processes.
A leading Japanese manufacturer of semiconductor testing equipment, Advantest, has confirmed a significant ransomware attack on its corporate network. The company first detected unusual activity within its IT systems on February 15, 2026, and publicly disclosed the incident late last week. Advantest is a critical player in the global chip supply chain, producing the sophisticated automated testers essential for validating semiconductors used in everything from smartphones and computers to artificial intelligence systems and autonomous vehicles.
Headquartered in Tokyo with a global workforce exceeding 7,600 people, the company operates facilities across the Americas, Asia, and Europe. In an official statement, Advantest indicated that an unauthorized party likely accessed parts of its network and deployed ransomware. Upon discovery, the firm’s internal security team immediately enacted its incident response plan. This involved isolating the compromised systems from the broader network and bringing in external cybersecurity specialists to help investigate and contain the breach.
The full scope of the intrusion remains under active investigation. It is not yet clear whether sensitive customer information or employee data was accessed or exfiltrated. Advantest has stated that its primary focus is determining the complete impact of the attack while strengthening its defensive measures across the organization. The company has committed to providing ongoing updates as the inquiry progresses. Notably, there has been no report of major operational disruptions at its manufacturing sites, suggesting core production may have been insulated from the IT network compromise.
This incident highlights the persistent and severe ransomware threat facing the industrial manufacturing sector. According to data from industrial cybersecurity firm Dragos, ransomware groups attacked more than 3,300 industrial organizations in a single recent year, with manufacturers accounting for over two-thirds of those victims. Another report from cybersecurity company Sophos, published in December 2025, identified 99 distinct threat groups that had targeted manufacturing entities. Groups like Akira, Qilin, and Play were noted as particularly active against the industry.
The Sophos analysis also pointed to a troubling trend in these attacks: the widespread use of double extortion tactics. In more than half of the ransomware incidents investigated by their emergency response team, threat actors both encrypted data and stole it. This dual approach allows criminals to demand a ransom for the decryption key while simultaneously threatening to publish the stolen proprietary information on leak sites if a separate payment is not made.
Beyond financially motivated ransomware gangs, the semiconductor industry also faces threats from state-sponsored actors seeking to steal valuable intellectual property. These groups aim to pilfer proprietary chip designs, advanced manufacturing processes, and other trade secrets that provide a competitive edge. The attack on a pivotal supplier like Advantest underscores the interconnected vulnerabilities within the high-tech ecosystem, where a breach at one node can have ripple effects across the entire global supply chain.
(Source: HelpNet Security)
