One Factory — Billions of Devices. Ransomware Attack Hits Apple, Microsoft, and Other Giants

Researchers uncover a vulnerability in global supply chains.

On August 16, the American company Data I/O, one of the largest electronics manufacturers working with clients such as Amazon, Apple, Google, and Microsoft, detected a ransomware attack. The incident was so severe that the company has still not resumed full operations, as stated in a notification to the U.S. Securities and Exchange Commission (SEC).
The attack temporarily disrupted key processes: internal and external communications, warehouse operations, production lines, logistics, and support services. Some systems have been brought back online, but others remain unavailable, and the company has not provided a timeline for full stabilization. An investigation into the circumstances of the hack is underway, but there is no information yet on whether the attackers stole customer data. No known cybercriminal group has claimed responsibility for the attack, and Data I/O does not appear on sites where data leaks are typically published.
According to the report filed with the SEC, the malware encrypted internal IT systems. After detecting the infection, the company activated its response plan, took some services offline to contain the threat, and implemented additional security measures. External cybersecurity experts were brought in to restore the infrastructure and analyze the attack.
Data I/O serves not only technology corporations but also leading global automotive and industrial systems manufacturers. Its equipment is used, for example, for programming electronic control units for engines, braking systems, and instrument panels. The company's solutions are also used in the Internet of Things (IoT) and industrial automation sectors to embed firmware and cryptographic keys into devices during the assembly stage. All this makes it an extremely attractive target for cybercriminals: the theft of such data could be used for both extortion and industrial espionage.
The increase in attacks on industrial organizations is confirmed by statistics. According to data from Dragos, the number of ransomware incidents in this sector in 2024 grew by 87%, reaching 1,693. In a quarter of the cases, business operations were completely halted; in other cases, activities were partially disrupted. A similar conclusion was reached by the FBI's IC3 unit: ransomware remains the primary threat to critical infrastructure. In 2024, the agency registered about 4,900 incidents related to this segment, of which 1,403 were ransomware attacks. The most commonly used malware variants were Akira, LockBit, RansomHub, Fog, and PLAY.
Thus, the Data I/O case fits into a broader, alarming trend: cybercriminals are increasingly targeting the industrial sector and equipment manufacturers, counting on the maximum impact from paralyzing processes and on the victims' willingness to pay to restore operations and safeguard data.