Japanese chip-testing toolmaker Advantest suffers ransomware attack

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.

What happened?

Tokyo-based Advantest is a leading manufacturer of automatic test and measurement equipment used in the design and production of semiconductors that used in computers, electronic devices (including mobile phones), autonomous vehicles, and systems used in high-performance computing (e.g., artificial intelligence systems).

The company has facilities in the Americas, Asia, and Europe, and employs over 7,600 individuals.

“Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” the company said.

“Upon detection, Advantest immediately activated its incident response protocols, isolated affected systems, and engaged leading third-party cybersecurity experts to assist in the investigation and containment of the incident.”

The investigation into the incident is ongoing, and it’s still unknown whether customer or employee data was affected. There has also been no mention of any significant disruption to the operation of the manufacturer’s facilities.

“Advantest is focused on understanding the full extent of this incident while reinforcing all possible defenses,” the company added, and promised to provide regular updates about the investigation.

Manufacturing sector and the ransomware threat

Industrial cybersecurity company Dragos reported that in the past year, 119 ransomware groups hit over 3,300 industrial organizations. Over two-thirds of those victims were manufacturers.

“[In 2025], Sophos X-Ops has observed ransomware activity across leak sites and found that 99 distinct threat groups targeted manufacturing organizations. The most prominent groups targeting manufacturing organizations based on leak site observations are [Akira, Qilin, and Play],” the UK-based cybersecurity company shared in December 2025.

“Over half of the ransomware incidents handled by Sophos Emergency Incident Response involved both data theft and data encryption, underscoring the continued rise of double extortion tactics where stolen data is held to ransom and threatened with publication on a leak site.”

The semiconductor ecosystem has also been targeted by state-backed threat actors looking steal intellectual property (proprietary designs, manufacturing processes, etc.)

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!