CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Ransomware Attack on Advantest Corporation

First reported
Last updated
3 unique sources, 3 articles

Summary

Hide ▲

Advantest Corporation, a major supplier of automatic test equipment for the semiconductor industry, detected a ransomware attack on February 15, 2026. The company confirmed an IT network intrusion and activated incident response protocols. Preliminary findings suggest unauthorized access and ransomware deployment, but the extent of data exfiltration remains unclear. No ransomware group has claimed responsibility yet. Advantest employs over 7,500 people, has an annual revenue of more than $5 billion, and a market capitalization of $120 billion. The company serves key chipmakers like Intel, Samsung, and TSMC. The attack follows recent ransomware incidents in the semiconductor sector and new Japanese government OT security guidelines for semiconductor factories.

Timeline

  1. 20.02.2026 11:31 3 articles · 4d ago

    Advantest Corporation Hit by Ransomware

    On February 15, 2026, Advantest Corporation detected a ransomware attack and activated incident response protocols. Preliminary findings indicate unauthorized access and ransomware deployment, but the extent of data exfiltration remains unclear. No ransomware group has claimed responsibility yet. The company serves major chipmakers and the attack follows recent ransomware incidents in the semiconductor sector and new Japanese government OT security guidelines. The company employs over 7,500 people, has an annual revenue of more than $5 billion, and a market capitalization of $120 billion. The company contracted third-party cybersecurity specialists to help isolate the threat and investigate its impact. No data theft has been confirmed, but the situation may change as more information emerges from the ongoing investigation.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Washington Hotel in Japan hit by ransomware attack

The Washington Hotel brand in Japan has disclosed a ransomware infection that compromised its servers and exposed business data. The attack occurred on February 13, 2026, and the company has engaged an internal task force and external cybersecurity experts to assess the impact and coordinate recovery efforts. Customer data is unlikely to be exposed as it is stored on separate servers managed by another company. The incident has caused some operational disruptions, including the temporary unavailability of credit card terminals, but no significant operational impact has been reported. The financial impact is currently under review, and no ransomware group has claimed responsibility.

Open in new tab

Manufacturing Sector Continues to Face Heightened Ransomware Threats

Manufacturing remains the top target for ransomware attacks, with 22% of all reported incidents between April 2024 and March 2025. The sector's critical role in global supply chains makes it an attractive target for attackers who exploit security gaps and leverage AI to enhance their tactics. Recent high-profile incidents, such as the attack on Jaguar Land Rover, highlight the severe disruption and financial losses caused by these attacks. The manufacturing industry's reliance on legacy systems and the convergence of IT and OT environments create significant security challenges. Experts emphasize the need for robust patch management, network segmentation, and proactive third-party risk management to mitigate these threats.

Open in new tab

Clop extortion campaign targets Oracle E-Business Suite

The **Clop ransomware gang** has escalated its extortion campaign targeting **Oracle E-Business Suite (EBS)**, with the **University of Phoenix breach** now confirmed as one of the largest data theft incidents of 2025, impacting **3.5 million individuals**. The attack, part of a broader wave exploiting the **zero-day vulnerability CVE-2025-61882**, occurred between **August 13–22, 2025**, but went undetected until **November 21**, when the university was listed on Clop’s leak site. Compromised data includes **Social Security numbers, bank account details, and personal identifiers**, though no leaked data has surfaced publicly as of December 23, 2025. This follows Clop’s months-long exploitation of **CVE-2025-61882**, which has breached **over 100 organizations**—including Harvard University, The Washington Post, GlobalLogic, and Barts Health NHS Trust—since August 2025. The gang’s pattern of targeting **enterprise resource planning (ERP) and file transfer platforms** (e.g., Accellion FTA, GoAnywhere MFT, MOVEit Transfer) continues, with the **U.S. Department of State offering a $10 million reward** for ties to foreign state sponsorship. The campaign underscores Clop’s focus on **high-value data exfiltration** via zero-days, often leveraging **third-party vulnerabilities** to compromise multiple victims simultaneously. Oracle has since patched the flaw, but the scale of breaches—now including **educational institutions, healthcare providers, and Fortune 500 companies**—highlights persistent risks in unpatched enterprise systems.

Open in new tab

Akira Ransomware Group Disables KNP Logistics Group with Weak Password Exploit

The Akira ransomware group successfully breached KNP Logistics Group (formerly Knights of Old) in June 2025. The attackers exploited a weak employee password to gain access to the company's internet-facing systems. Once inside, they deployed ransomware, encrypted critical data, and destroyed backups, leading to the company's collapse. The incident resulted in the loss of 700 jobs and significant economic impact in Northamptonshire. The attack underscores the critical importance of strong password policies and multi-factor authentication (MFA) in preventing ransomware attacks. The breach highlights the persistent risk posed by weak passwords, with 45% of compromised passwords crackable within a minute. The attack also demonstrates the broader consequences of ransomware attacks, including job losses and economic disruption.

Open in new tab

Ransomware Attacks Continue to Evade Defenses Despite Security Efforts

Ransomware remains a top threat to global organizations, with attackers bypassing defenses despite extensive prevention and detection efforts. Double extortion tactics are prevalent, and some groups focus solely on data theft and extortion. The Picus Security Blue Report 2025 reveals a decline in prevention effectiveness, particularly in data exfiltration, highlighting critical gaps in defenses. Security teams must continuously validate their defenses against both known and emerging ransomware strains to ensure readiness. Breach and Attack Simulation (BAS) provides real-time validation of defenses, showing where protections stand or fail. The report underscores the need for ongoing testing and validation to address persistent gaps in malware delivery, detection, data exfiltration, and endpoint protection.

Open in new tab