CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Ransomware Attack on Advantest Corporation

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Advantest Corporation, a major supplier of automatic test equipment for the semiconductor industry, detected a ransomware attack on February 15, 2026. The company confirmed an IT network intrusion and activated incident response protocols. Preliminary findings suggest unauthorized access and ransomware deployment, but the extent of data exfiltration remains unclear. No ransomware group has claimed responsibility yet. Advantest employs 7,600 people, has an annual revenue of more than $5 billion, and a market capitalization of $120 billion. The company serves key chipmakers like Intel, Samsung, and TSMC. The attack follows recent ransomware incidents in the semiconductor sector and new Japanese government OT security guidelines for semiconductor factories.

Timeline

  1. 20.02.2026 11:31 2 articles · 12h ago

    Advantest Corporation Hit by Ransomware

    On February 15, 2026, Advantest Corporation detected a ransomware attack and activated incident response protocols. Preliminary findings indicate unauthorized access and ransomware deployment, but the extent of data exfiltration remains unclear. No ransomware group has claimed responsibility yet. The company serves major chipmakers and the attack follows recent ransomware incidents in the semiconductor sector and new Japanese government OT security guidelines. The company employs 7,600 people, has an annual revenue of more than $5 billion, and a market capitalization of $120 billion. The company contracted third-party cybersecurity specialists to help isolate the threat and investigate its impact. No data theft has been confirmed, but the situation may change as more information emerges from the ongoing investigation.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Washington Hotel in Japan hit by ransomware attack

The Washington Hotel brand in Japan has disclosed a ransomware infection that compromised its servers and exposed business data. The attack occurred on February 13, 2026, and the company has engaged an internal task force and external cybersecurity experts to assess the impact and coordinate recovery efforts. Customer data is unlikely to be exposed as it is stored on separate servers managed by another company. The incident has caused some operational disruptions, including the temporary unavailability of credit card terminals, but no significant operational impact has been reported. The financial impact is currently under review, and no ransomware group has claimed responsibility.

Open in new tab

Clop extortion campaign targets Oracle E-Business Suite

The **Clop ransomware gang** has escalated its extortion campaign targeting **Oracle E-Business Suite (EBS)**, with the **University of Phoenix breach** now confirmed as one of the largest data theft incidents of 2025, impacting **3.5 million individuals**. The attack, part of a broader wave exploiting the **zero-day vulnerability CVE-2025-61882**, occurred between **August 13–22, 2025**, but went undetected until **November 21**, when the university was listed on Clop’s leak site. Compromised data includes **Social Security numbers, bank account details, and personal identifiers**, though no leaked data has surfaced publicly as of December 23, 2025. This follows Clop’s months-long exploitation of **CVE-2025-61882**, which has breached **over 100 organizations**—including Harvard University, The Washington Post, GlobalLogic, and Barts Health NHS Trust—since August 2025. The gang’s pattern of targeting **enterprise resource planning (ERP) and file transfer platforms** (e.g., Accellion FTA, GoAnywhere MFT, MOVEit Transfer) continues, with the **U.S. Department of State offering a $10 million reward** for ties to foreign state sponsorship. The campaign underscores Clop’s focus on **high-value data exfiltration** via zero-days, often leveraging **third-party vulnerabilities** to compromise multiple victims simultaneously. Oracle has since patched the flaw, but the scale of breaches—now including **educational institutions, healthcare providers, and Fortune 500 companies**—highlights persistent risks in unpatched enterprise systems.

Open in new tab

Akira Ransomware Group Disables KNP Logistics Group with Weak Password Exploit

The Akira ransomware group successfully breached KNP Logistics Group (formerly Knights of Old) in June 2025. The attackers exploited a weak employee password to gain access to the company's internet-facing systems. Once inside, they deployed ransomware, encrypted critical data, and destroyed backups, leading to the company's collapse. The incident resulted in the loss of 700 jobs and significant economic impact in Northamptonshire. The attack underscores the critical importance of strong password policies and multi-factor authentication (MFA) in preventing ransomware attacks. The breach highlights the persistent risk posed by weak passwords, with 45% of compromised passwords crackable within a minute. The attack also demonstrates the broader consequences of ransomware attacks, including job losses and economic disruption.

Open in new tab

Emergence of AI-Powered Ransomware Strain PromptLock

A new AI-powered ransomware strain, named PromptLock, has been identified by ESET researchers. The ransomware leverages an AI model to generate Lua scripts on the fly, complicating detection and defense. PromptLock is not yet active in the wild but is nearly ready for deployment. It can exfiltrate files and encrypt data, with plans to add file destruction capabilities. The ransomware was uploaded to VirusTotal from the United States and is written in Go, targeting both Windows, Linux, and macOS systems. The Bitcoin address used for ransom payments is linked to Satoshi Nakamoto. The development of AI-driven ransomware presents new challenges for cybersecurity defenders. The ransomware strain was discovered by Anton Cherepanov and Peter Strycek, who shared their findings on social media 18 hours after detecting samples on VirusTotal. The use of AI in ransomware introduces variability in indicators of compromise (IoCs), making detection more difficult. PromptLock uses the SPECK 128-bit encryption algorithm to lock files and can generate custom notes based on the files affected and the type of infected machine. The attacker can establish a proxy or tunnel from the compromised network to a server running the Ollama API with the gpt-oss-20b model.

Open in new tab

Qilin ransomware group targets multiple organizations, including South Korean financial sector and Romanian oil pipeline operator Conpet

The Qilin ransomware group has confirmed the theft of nearly **1TB of data** from **Conpet S.A.**, Romania’s national oil pipeline operator, following a cyberattack on February 5, 2026. While the company’s **operational technologies (SCADA and telecommunications) remained unaffected**, the breach compromised corporate IT systems, exposing internal documents—including financial records and passport scans—some dated as recently as **November 2025**. Conpet has warned of potential fraud risks stemming from the stolen data and is working with Romania’s **National Cyber Security Directorate (DNSC)** to investigate the incident. This attack is part of Qilin’s broader 2025–2026 campaign, which has targeted high-profile victims across **62 countries**, including **Asahi Group (Japan)**, **Mecklenburg County Public Schools (U.S.)**, **Creative Box Inc. (Nissan subsidiary)**, and **Synnovis (UK pathology provider)**. The group employs **hybrid tactics**, such as abusing **Windows Subsystem for Linux (WSL)** to deploy Linux encryptors on Windows systems, **BYOVD (Bring Your Own Vulnerable Driver) exploits**, and **supply-chain compromises via Managed Service Providers (MSPs)**. Qilin’s **double-extortion model**—combining encryption with data leaks—has disrupted critical infrastructure, manufacturing, and financial sectors, with **over 700 confirmed victims in 2025 alone**. Recent developments include **politically charged leaks in South Korea** and **collaborations with affiliates like Scattered Spider**, underscoring the group’s evolving threat to global cybersecurity.

Open in new tab