Advantest confirms ransomware hit parts of corporate network

Advantest Corporation said it detected unusual activity in its IT environment on Feb. 15 and publicly disclosed on Feb. 19 that a ransomware incident may have affected parts of its corporate network. The Tokyo-based maker of automatic test equipment for semiconductors said it immediately activated incident response protocols, isolated affected systems, and brought in outside cybersecurity specialists to investigate and contain the intrusion.

The company said investigation is ongoing and cautioned that facts are subject to change as forensic work proceeds. “Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” the company said. It added, “If our investigation determines that customer or employee data was affected, we will notify impacted persons directly and provide guidance on protective measures.”

Advantest has not disclosed which systems or business units were touched, nor has it identified a malware family, initial access vector, or any technical indicators of compromise. There is no public confirmation that customer or employee data was exfiltrated, and the company has not said whether any ransom demand was received or paid. As of Feb. 20, no ransomware group had claimed responsibility for the attack.

The limited public details leave key operational questions unanswered. Advantest did not indicate whether the intrusion affected manufacturing test systems, field equipment, supply chain operations, or corporate services such as email and enterprise resource planning. The company is listed on the Tokyo Stock Exchange under ticker TSE: 6857, and it designs and manufactures automatic test equipment used to verify advanced semiconductors and electronic components during manufacturing.

Security specialists and corporate incident responders typically isolate networks and engage independent forensic teams to preserve evidence and limit lateral movement. Advantest said it engaged third-party cyber experts for that purpose; it has also invoked regulatory and disclosure obligations tied to its public listing. The company pledged transparency and direct notification should the investigation confirm data compromise.

The incident comes amid a broader wave of ransomware targeting Japanese companies. Last year, major attacks hit beverage maker Asahi Group Holdings and office goods supplier Askul, underscoring a pattern of disruption aimed at critical corporate infrastructure. The semiconductor sector in particular is considered high value because chips power telecommunications, cloud computing, 5G networks, and artificial intelligence systems. Experts warn that attacks on suppliers of test and production equipment can ripple across manufacturing supply chains even if no customer data is stolen.

For now, customers and partners are left to await further disclosure. Advantest has committed to update stakeholders as the investigation uncovers additional facts. Journalists and investors seeking immediate detail should monitor the company’s formal statements and any filings with regulatory authorities; security researchers will be watching for published indicators or claims by threat actors that could clarify the scope and technical nature of the intrusion.

With the forensic phase still underway, the primary confirmed impacts are the company’s containment steps and the potential for downstream supply chain concern. The investigation’s findings will determine whether the incident remains a contained IT breach or escalates into a broader operational and customer-impact event.