Data I/O Ransomware Attack Disrupts Operations
Summary
Data I/O, a technology manufacturer based in Redmond, Washington, experienced a ransomware attack on August 16, 2025. The incident prompted the company to take certain systems offline and implement mitigation measures. The attack affected shipping, manufacturing, production, and other functions, and outages were still ongoing as of August 21, with the company working to restore affected systems. The full scope and impact of the attack remain unknown, and a third-party investigation is underway. The company has not yet informed affected individuals. The attack has not yet been determined to have a material impact on the company's business operations, but the costs associated with the incident are expected to be significant. The specific ransomware variant and the initial access vector have not been disclosed.
Timeline
- 26.08.2025 22:42 · 1 article · 21d ago
  Data I/O Experiences Ransomware Attack
  On August 16, 2025, Data I/O suffered a ransomware attack that disrupted shipping, manufacturing, production, and other functions. The company took systems offline and implemented mitigation measures. As of August 21, the full scope and impact of the attack remain unknown, with a third-party investigation underway. The company has not yet informed affected individuals, and the costs associated with the incident are expected to be significant.
  Sources:
  - Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
Information Snippets
- Data I/O experienced a ransomware attack on August 16, 2025.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The attack affected shipping, manufacturing, production, and other functions.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The company took certain systems offline and implemented mitigation measures.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- As of August 21, 2025, the company was still working to restore affected systems.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The full scope and impact of the attack remain unknown.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- A third-party investigation is underway to determine the extent of the breach.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The company has not yet informed affected individuals.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The attack has not yet been determined to have a material impact on the company's business operations.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The costs associated with the incident are expected to be significant.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
- The specific ransomware variant and the initial vector of the attack have not been disclosed.
  First reported: 26.08.2025 22:42 · 1 source, 1 article
  Source: Data I/O Becomes Latest Ransomware Attack Victim · www.darkreading.com · 26.08.2025 22:42
Similar Happenings
Supply Chain Attack on npm Packages with Billions of Weekly Downloads
A supply chain attack compromised multiple npm packages with over 2.6 billion weekly downloads. Attackers injected malicious code into these packages after hijacking a maintainer's account via phishing. The malware targets web-based cryptocurrency transactions, redirecting them to attacker-controlled wallets. The attack was detected and mitigated by the npm team, who removed the malicious versions within two hours. The phishing campaign targeted multiple maintainers, using a fake domain to trick them into updating their 2FA credentials. The malicious code operates by hooking into JavaScript functions and wallet APIs, intercepting and altering cryptocurrency transactions. The attack impacts users who installed the compromised packages during a specific time window and have vulnerable dependencies. The attack targeted Josh Junon, also known as Qix, who received a phishing email mimicking npm. The phishing email prompted the maintainer to enter their username, password, and 2FA token, which were stolen via an adversary-in-the-middle (AitM) attack. The attack affected 20 packages, including ansi-regex, chalk, debug, and others, with over 2 billion weekly downloads. The malware intercepts cryptocurrency transaction requests and computes the Levenshtein distance to choose a look-alike destination wallet address to swap in. The payload hooks into window.fetch, XMLHttpRequest, and window.ethereum.request, along with other wallet provider APIs. The attack also compromised another maintainer, duckdb_admin, to distribute the same wallet-drainer malware. The affected packages from the second maintainer include @coveops/abi, @duckdb/duckdb-wasm, and prebid, among others. The attack impacted roughly 10% of all cloud environments. The attackers diverted five cents worth of ETH and $20 worth of a virtually unknown memecoin. The attacker's wallet addresses holding significant amounts have been flagged, limiting their ability to convert or use the funds.
Noisy Bear Phishing Campaign Against KazMunaiGas Identified as Planned Test
A phishing campaign targeting KazMunaiGas employees was initially attributed to the Noisy Bear threat actor. The campaign, codenamed Operation BarrelFire, involved phishing emails with malicious attachments. KazMunaiGas later clarified that the activity was part of a planned phishing test conducted in May 2025. The campaign used a ZIP file containing a Windows shortcut (LNK) downloader, a decoy document, and instructions in Russian and Kazakh. The LNK file dropped additional payloads, including a PowerShell loader and a DLL-based implant. The infrastructure was hosted on a Russia-based bulletproof hosting service. The campaign was initially reported in September 2025, and KazMunaiGas confirmed it was a test in response to the report. The Noisy Bear threat actor has been active since at least April 2025, and the campaign involved sophisticated techniques such as anti-analysis measures and CreateRemoteThread injection. The activity has geopolitical implications, potentially aiming to sustain an information advantage in Central Asia.
Bridgestone manufacturing facilities impacted by cyberattack
Bridgestone Americas, the North American division of Bridgestone Corporation, is investigating a cyberattack that has disrupted operations at all manufacturing facilities in North America. The attack, detected on September 2, 2025, affected facilities in Aiken County, South Carolina, and Joliette, Quebec. Bridgestone's rapid response reportedly contained the incident early, preventing customer data theft or extensive network infiltration. The company is working to mitigate the impact on its supply chain and ensure business continuity. The exact nature and scope of the cyber incident remain unknown.
Cloudflare mitigates record 11.5 Tbps UDP flood DDoS attack
Cloudflare recently blocked the largest recorded volumetric DDoS attack, peaking at 11.5 Tbps. The attack was a UDP flood, primarily originating from a combination of several IoT and cloud providers, including Google Cloud, and lasted approximately 35 seconds. Volumetric DDoS attacks overwhelm targets with massive data, consuming bandwidth and exhausting resources. This attack is part of a recent surge in hyper-volumetric DDoS attacks, with Cloudflare autonomously blocking hundreds over the past few weeks. This attack follows a 7.3 Tbps DDoS attack in June 2025 and a 3.8 Tbps attack in October 2024, both mitigated by Cloudflare. The increase in DDoS attacks highlights the escalating threat landscape and the need for robust cybersecurity defenses. The attack involved the RapperBot botnet, which targets network video recorders (NVRs) and other IoT devices, exploiting security flaws to gain initial access and download the malware payload.
Jaguar Land Rover Production Disrupted by Cyberattack
Jaguar Land Rover (JLR) experienced a cyberattack that severely disrupted its production and retail operations. The attack prompted the company to shut down several systems to mitigate the impact. Customer data was compromised, and the exact nature of the attack and the timeline for recovery remain unclear. The incident affected multiple systems, including those at the Solihull production plant, where popular models like the Land Rover Discovery and Range Rover are manufactured. The attack occurred over the weekend, a common time for such incidents due to reduced response capabilities. This is the second cyberattack JLR has suffered this year, raising concerns about potential vulnerabilities from the previous attack. JLR has extended the production shutdown for another week, with operations expected to resume on September 24, 2025. The company is still investigating the incident and has not attributed the breach to a specific cybercrime group.