Critical EUV chipmaking tool supplier hacked, pressed to pay $10 million for ransomware unlock – Hoya dismisses hack as an ‘IT system incident’

Hoya mask blanks and photomasks
(Image credit: Hoya Corp.)

Japanese optical technology leader Hoya Corporation recently admitted (PDF) to being affected by an “IT system incident affecting the functional IT systems of our headquarters and several of our business divisions.” However, according to France’s LeMagIT, the incident would be better described as a ransomware attack, with Hoya facing demands for $10 million to unlock encrypted files and for the hackers to keep secret the data stolen during the security breach. Hoya is an essential player in the semiconductor industry as a leader in the development of products for EUV lithography. As a result, its trade secrets could be particularly valuable to rivals or sanctioned nations.

According to reports, the Hoya cyberattack was undertaken by ‘Hunters International.’ This group is thought to have formed after collaborative work between the FBI and law enforcement in Germany and the Netherlands dismantled the notorious ransomware-as-a-service group known as Hive. Despite the evidence, Hunters International denies any affiliation with Hive.

Some of the purported details of the Hunters International ransomware demand are that the group asked for $10 million for a file decryptor. Also, part of the deal would be a pledge by the ransomware group not to release any of the 1.7 million files (2TB of data) that it stole during the hack(s) on Hoya computers.

Interestingly, Hunters International claims to be applying a non-negotiation, no-discount policy to its Hoya data haul. This news morsel again needs a pinch of salt, as neither any ransomware group nor Hoya has released communications to confirm the true nature of the ‘incident’ affecting Hoya’s servers. However, LeMagIT’s screenshots, allegedly taken from “Hunters International infrastructure,” are an obvious smoking gun.

Hoya mask blanks and photomasks

(Image credit: Hoya Corp.)

Hoya’s key IT products

  • Mask blanks and photomasks for semiconductor manufacturing
  • Photomasks for flat panel displays
  • Glass disks for hard disk drives
  • Optical glass / optical lenses
  • Colored glass filters
  • Laser equipment / UV light resources

As we mentioned in the intro, this isn’t just commercial and customer data at stake. Hoya Corporation is a pillar of the West’s advanced semiconductor advantage over sanctioned countries like China, Russia, and other despotic nations. Hopefully, action will be taken, and data won’t be sold to or ‘accidentally’ leaked to sanctioned countries.

Mark Tyson
Freelance News Writer

Mark Tyson is a Freelance News Writer at Tom's Hardware US. He enjoys covering the full breadth of PC tech; from business and semiconductor design to products approaching the edge of reason.

  • hotaru251
    I'd question the likelyhood this remains "confidential" given the value of the data they managed to get...theres many people who likely would offer well over 10M for that info given the geopolitical nature around chipmaking tech atm.
    Basically have to do a "trust me bro" with a criminal.
  • passivecool
    It's game theory, though, isn't it? if these prominent hackers were to ruin their reputation as "Honest Criminals", no one in the future will be willing to pay up. It's a bit perverted to look at it this way, but customer value must go first if you want to maintain your business model long-term.