Japanese semiconductor testing equipment manufacturer Advantest has confirmed it was targeted in a ransomware attack following the discovery of suspicious activity within its IT systems on February 15, 2026. The company publicly acknowledged the incident last Thursday.
Headquartered in Tokyo, Advantest is a major producer of automatic test and measurement systems essential to semiconductor development and manufacturing. Its technologies support a wide range of applications, including computers, consumer electronics such as mobile phones, autonomous vehicles, and high-performance computing systems like artificial intelligence platforms. The company operates across the Americas, Asia, and Europe and employs more than 7,600 people worldwide.
In an official statement, the company said, “Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” the company said.
The firm added, “Upon detection, Advantest immediately activated its incident response protocols, isolated affected systems, and engaged leading third-party cybersecurity experts to assist in the investigation and containment of the incident.”
The investigation remains ongoing, and it is not yet clear whether any customer or employee information was compromised. Advantest has not reported any major operational interruptions at its manufacturing facilities so far.
Reaffirming its response efforts, the company stated, “Advantest is focused on understanding the full extent of this incident while reinforcing all possible defenses,” the company added, and promised to provide regular updates about the investigation.
Manufacturing Sector Increasingly Targeted by Ransomware Groups
The incident highlights a broader cybersecurity challenge facing industrial organizations worldwide. According to industrial cybersecurity firm Dragos, ransomware actors targeted more than 3,300 industrial entities over the past year, with 119 separate ransomware groups involved. Manufacturers accounted for over two-thirds of those affected organizations.
Similarly, UK-based cybersecurity company Sophos reported a significant rise in attacks against manufacturing firms. The company stated, “[In 2025], Sophos X-Ops has observed ransomware activity across leak sites and found that 99 distinct threat groups targeted manufacturing organizations. The most prominent groups targeting manufacturing organizations based on leak site observations are [Akira, Qilin, and Play],” the UK-based cybersecurity company shared in December 2025.
Sophos further emphasized the growing use of double extortion tactics, noting, “Over half of the ransomware incidents handled by Sophos Emergency Incident Response involved both data theft and data encryption, underscoring the continued rise of double extortion tactics where stolen data is held to ransom and threatened with publication on a leak site.”
Beyond financially motivated cybercriminal groups, the semiconductor supply chain has increasingly drawn attention from state-sponsored threat actors seeking to obtain valuable intellectual property, including proprietary chip designs and specialized manufacturing processes.
