Japanese semiconductor equipment company Advantest has confirmed it was hit by a ransomware attack after detecting unusual activity inside its corporate network on February 15.
The company says an unauthorized third party may have accessed internal systems and deployed ransomware, potentially affecting sensitive data tied to customers or employees.
“Preliminary findings appear to indicate that an unauthorized third party may have gained access to portions of the company’s network and deployed ransomware,” said Advantest in its incident notification.
What We Know About the Advantest Cyberattack
Advantest employs approximately 7,600 people, generates more than $5 billion in annual revenue, and serves as a key player in the global semiconductor supply chain.
Its testing systems and measurement equipment support the production of semiconductors, digital consumer devices, and wireless communications technologies — core components of the global technology supply chain that underpin everything from automotive manufacturing to cloud infrastructure.
After detecting suspicious activity on February 15, Advantest said it activated established incident response protocols.
The company isolated affected systems to contain the threat and prevent further spread across its environment, and it engaged third-party cybersecurity specialists to conduct forensic analysis and assess the scope of the intrusion.
At the time of writing, no threat actor group has publicly claimed responsibility. Advantest has reported a possible ransomware attack but has not confirmed whether any data was exfiltrated.
The company said the investigation is ongoing and that additional details, including how the attacker gained initial access, will be shared as findings are confirmed.
Reducing Ransomware Blast Radius
While the investigation is ongoing, the incident reinforces the importance of several foundational security best practices, including:
- Isolate affected systems quickly and use network segmentation to contain lateral movement and reduce overall blast radius.
- Enforce strong identity and access controls by requiring MFA for all remote and privileged access, eliminating standing administrative privileges, and implementing just-in-time access.
- Harden Active Directory and core infrastructure by restricting DCSync permissions, disabling legacy authentication protocols where possible, and closely monitoring privilege escalation activity.
- Deploy endpoint detection and response (EDR) tools with behavioral monitoring to identify ransomware activity, living-off-the-land techniques, and unusual process behavior.
- Strengthen remote access security by limiting internet-facing services, enforcing conditional access policies, and monitoring for brute-force or credential-based attacks.
- Maintain immutable, regularly tested backups that are isolated from production systems and protected with strong access controls.
- Regularly test and refine incident response plans through tabletop and simulation exercises to ensure rapid detection, coordinated containment, and effective recovery.
Together, these measures help organizations limit operational disruption, reduce the blast radius of a potential breach, and strengthen overall cyber resilience.
Ransomware Threats Extend Across Supply Chains
As Advantest’s investigation continues, the incident highlights that ransomware risk extends to organizations of all sizes, including established global technology firms.
For companies operating within critical supply chains, maintaining strong security controls, effective containment processes, and reliable recovery plans is key to reducing operational impact and maintaining business continuity.
Incidents like this are prompting organizations to adopt zero-trust solutions to improve access controls, limit lateral movement, and reduce the impact of potential breaches.
