Stanislav Loginov - stock.adobe.
Qilin gang claims cyber attack on Japanese brewing giant
The Qilin ransomware gang has claimed responsibility for a cyber attack that has halted brewing at Asahi Group Holdings, causing Japanese retailers to run low on beer
The Qilin ransomware operation has claimed responsibility for a ransomware attack on Japanese brewer Asahi Group Holdings, after listing the organisation on its dark web leak site on 7 October.
In the listing, which was first noted by consumer cyber site Comparitech, the Qilin gang said it had forced its victim to shutter six breweries with the attack affecting 30 sites, potentially causing significant damage to the organisation’s profits.
The cyber criminals claimed to have stolen between nine and ten thousand files comprising 27GB of data. They said the data trove includes financial documents, budgets and contracts, planning and development forecasts, and employee data.
The veracity of Qilin’s claims have not been proven, but in its most recent statement on the security incident – dated 3 October – Asahi confirmed it had fallen victim to a ransomware attack although it offered no further details on the identity of the perpetrators.
The organisation said it took immediate action to contain and respond to the attack, with the highest priority placed on safeguarding critical data, including customer and partner information.
Asahi said it had reason to suspect data had been stolen and investigations into this are ongoing. It has suspended a number of operations in Japan including ordering and product shipping, but hopes to restore some systems this week.
Atsushi Katsuki, Asahi president and group CEO, said: “I would like to sincerely apologise for any difficulties caused to our stakeholders by the recent system disruption. We are continuing our investigation to determine the nature and scope of the potential unauthorised data transfer.
“We are making every effort to restore the system as quickly as possible, while implementing alternative measures to ensure continued product supply to our customers. We appreciate your understanding and support.”
Production shutdown
According to reports, Asahi has warned retailers in Japan that beer supplies may soon run dry. Immersive senior manager of cyber Kevin Marriott said that while the disruption at Asahi was confined to Japan, the company accounts almost 40% of the country’s domestic beer market and the disruption would prove costly.
“As we have seen recently with the retail sector and JLR [Jaguar Land Rover], production and supply chain halts can be extremely expensive for businesses. This is why having procedures in place that protect operations is crucial,” he said.
“Cyber criminals are increasingly targeting the operations of global brands, with Asahi the latest victim. Manufacturing networks are complex ecosystems, spanning legacy infrastructure, external suppliers, diverse technologies, and competing priorities around safety and availability. A breach in one area can quickly ripple through supply chains and disrupt operations. True cyber resilience means organisations can anticipate, withstand, and bounce back from attacks without having to halt manufacturing.”
Citing data from a recent Censuswide study of chief information security officers (CISOs) conducted on the company’s behalf, Absolute Security international senior vice-president Andy Ward said that the attack on Asahi proved how costly operational downtime is when cyber disruption strikes.
“Production halts are no longer rare events – our research shows that 77% of UK security leaders say downtime from a cyber attack is now one of their biggest concerns, and nearly two-thirds fear the financial fallout from ransomware could cripple their organisation,” he said.
“This incident also reflects a wider reality with our research highlighting that 59% of CISOs already viewing cyber as the single biggest threat facing the UK right now, above AI and other risks.
“True resilience isn’t about preventing every attack, but about building the ability to anticipate, withstand and recover fast enough to keep operations running. For manufacturers, where legacy infrastructure, supply chains, and safety are intertwined, that means rethinking resilience strategies before the next outage makes headlines,” said Ward.
Besides the eponymous Asahi Super Dry lager, Asahi also produces a number of other beers, many of them, such as Grolsch and Peroni, acquired from Anheuser-Busch InBev and SABMiller. In 2019, it also bought the brewing operations of the UK’s Fuller, Smith & Turner, including the landmark Griffin Brewery in Chiswick, London. None of its operations outside Japan are thought to be affected by the incident.
Read more about ransomware
- During the first six months of 2025, the number of observed and tracked ransomware attacks far outpaced the volume seen in 2024.
- US authorities reveal how over a million dollars’ worth of cryptocurrency assets laundered by the BlackSuit ransomware gang were seized ahead of a July takedown operation.
- The UK government is forging a bold path as it aims to ban ransomware payments from certain organisations. Its actions could herald an inflexion point in Europe's broader response to ransomware.
Read more on Data breach incident management and recovery
-
![]()
NCC: How RaaS team-ups help Scattered Spider enhance its attacks
By: Alex Scroxton
-
![]()
Ransomware activity levelled off in July, says NCC
By: Alex Scroxton
-
![]()
Ransomware attack volumes up nearly three times on 2024
By: Alex Scroxton
-
![]()
Further disruption expected after latest NHS cyber attack
By: Alex Scroxton
