Asahi, Japan’s leading brewer with 40% market share, suffered a **ransomware attack** attributed to the Qilin group, forcing it to halt production at most of its 30 factories, including six breweries. The attack crippled its computer systems, reducing operations to manual processes (pen, paper, and fax) and severely limiting order processing and shipments. This caused widespread shortages of its products—beer (e.g., Asahi Super Dry), soft drinks, bottled teas, and food items—across convenience stores (FamilyMart, 7-Eleven, Lawson), liquor stores, and restaurants nationwide. Wholesalers reported receiving only **10–20% of normal supply**, with disruptions expected to last at least a month. While European subsidiaries (Peroni, Grolsch, Fuller’s) remained unaffected, the attack exposed Asahi’s **legacy system vulnerabilities** and resulted in **data leaks** (data suspected to have been stolen was found online). The incident underscored Japan’s broader cybersecurity gaps, including reliance on outdated infrastructure and low digital literacy, prompting government intervention under the new **Active Cyber Defense Law (ACD)**. The financial and reputational damage extends beyond Asahi to retailers, suppliers, and consumers, with no confirmed timeline for full recovery.
Source: https://www.bbc.com/news/articles/cly64g5y744o
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
"id": "asa2162021101125",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "10/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': ['Bars',
'Restaurants',
'Retailers',
'Convenience Stores '
'(FamilyMart, 7-Eleven, Lawson)',
'Wholesalers',
'End Consumers'],
'industry': ['Food & Beverage',
'Alcohol',
'Consumer Goods'],
'location': 'Japan (primary impact; European '
'subsidiaries unaffected)',
'name': 'Asahi Group Holdings, Ltd.',
'size': "Large (40% market share in Japan's beer "
'industry)',
'type': 'Public Company (Brewing & Beverages)'},
{'customers_affected': 'Consumers (shortages of '
'Famimaru bottled teas)',
'industry': 'Retail',
'location': 'Japan',
'name': 'FamilyMart',
'size': 'Large',
'type': 'Convenience Store Chain'},
{'customers_affected': 'Consumers (halted shipments of '
'Asahi products)',
'industry': 'Retail',
'location': 'Japan',
'name': '7-Eleven Japan',
'size': 'Large',
'type': 'Convenience Store Chain'},
{'customers_affected': 'Consumers (expected shortages '
'of Asahi products)',
'industry': 'Retail',
'location': 'Japan',
'name': 'Lawson, Inc.',
'size': 'Large',
'type': 'Convenience Store Chain'},
{'customers_affected': 'Dine-in customers (limited beer '
'availability)',
'industry': 'Hospitality',
'location': 'Tokyo, Japan',
'name': 'Ben Thai Restaurant (Sengawacho, Tokyo)',
'size': 'Small',
'type': 'Small Business (Restaurant)'},
{'customers_affected': 'Consumers (limited stock of '
'Asahi Super Dry and soft '
'drinks)',
'industry': 'Alcohol Sales',
'location': 'Tokyo, Japan',
'name': "Hisako Arisawa's Liquor Store",
'size': 'Small',
'type': 'Small Business (Retail)'}],
'attack_vector': ['Phishing (suspected)',
'Exploitation of Legacy Systems',
'Ransomware-as-a-Service (RaaS)'],
'customer_advisories': ['Warnings of product shortages from Asahi and '
'convenience store chains (FamilyMart, 7-Eleven, '
'Lawson)'],
'data_breach': {'data_encryption': ['Ransomware encryption of systems'],
'data_exfiltration': True,
'sensitivity_of_data': 'Moderate (business operations data; '
'no confirmation of PII exposure)',
'type_of_data_compromised': ['Corporate Data (suspected)',
'Potentially Customer/Partner '
'Data (unconfirmed)']},
'date_detected': 'Late May 2024',
'date_publicly_disclosed': 'Early June 2024',
'description': "Asahi Group, Japan's largest brewer and maker of Asahi Super "
'Dry, suffered a cyber-attack in late May 2024 that disrupted '
'production at 30 factories, including six breweries. The '
'attack forced the company to revert to manual processes (pen, '
'paper, and fax) for order processing and shipments, causing '
'widespread shortages of beer, soft drinks, and other products '
'across Japan. The ransomware group Qilin claimed '
'responsibility, and Asahi confirmed data suspected to have '
'been leaked was found online. Operations have partially '
'resumed, but full recovery timelines remain unclear. The '
"incident highlights Japan's vulnerability to cyber-attacks "
'due to reliance on legacy systems and low digital literacy in '
'business software.',
'impact': {'brand_reputation_impact': ['Short-term reputational damage due to '
'product shortages',
'Erosion of trust in digital '
'resilience'],
'customer_complaints': True,
'data_compromised': True,
'downtime': ['Partial downtime ongoing as of early June 2024',
'Full recovery timeline unspecified'],
'operational_impact': ['Manual processing of orders via '
'pen/paper/fax',
'Reduced shipment capacity (10-20% of '
'normal)',
'Production halts at most facilities',
'Supply chain disruptions for beer, soft '
'drinks, and food items'],
'systems_affected': ['Production Systems (30 factories, including '
'6 breweries)',
'Order Processing Systems',
'Shipment Logistics Systems',
'Communication Systems (reverted to fax)']},
'initial_access_broker': {'data_sold_on_dark_web': ['Suspected data leak '
'confirmed by Asahi '
'(details unspecified)'],
'high_value_targets': ['Production systems',
'Order processing '
'databases']},
'investigation_status': 'Ongoing (Japanese government and Asahi internal '
'investigation)',
'lessons_learned': ["Japan's reliance on legacy systems and low digital "
'literacy increases vulnerability to cyber-attacks.',
'Manual fallback processes (e.g., fax) are inefficient '
'and disrupt modern supply chains.',
'Ransomware-as-a-Service (RaaS) models enable '
'less-skilled threat actors to target large '
'organizations.',
'Government intervention (e.g., ACD law) is critical but '
'requires time to implement effectively.'],
'motivation': 'Financial Gain (Extortion)',
'post_incident_analysis': {'corrective_actions': ["Japanese government's "
'Active Cyber Defense Law '
'(ACD) empowers proactive '
'measures (e.g., '
'neutralizing attacker '
'servers).',
'Asahi likely reviewing IT '
'infrastructure '
'modernization and '
'cybersecurity investments.',
'Convenience store chains '
'diversifying suppliers to '
'mitigate single-point '
'failures.'],
'root_causes': ['Over-reliance on legacy IT '
'systems with poor security '
'controls.',
'Insufficient cybersecurity '
'workforce and digital literacy in '
'business operations.',
'Lack of preparedness for '
'ransomware attacks (e.g., no '
'immediate automated fallbacks).',
'Cultural trust in systems without '
'proportional risk management.']},
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'Qilin'},
'recommendations': ['Accelerate digital transformation to replace legacy '
'systems in Japanese businesses.',
'Invest in cybersecurity training and hiring to address '
'the shortage of professionals.',
'Implement robust incident response plans with automated '
'fallback systems (not manual).',
'Enhance public-private collaboration for threat '
'intelligence sharing under ACD law.',
'Prioritize supply chain resilience in cybersecurity '
'strategies.'],
'references': [{'date_accessed': 'June 2024',
'source': 'BBC News',
'url': 'https://www.bbc.com/news/articles/cpv1v5d0v1xo'},
{'date_accessed': 'June 2024', 'source': 'Reuters'},
{'date_accessed': 'June 2024',
'source': 'AFP via Getty Images'}],
'regulatory_compliance': {'regulatory_notifications': ['Japanese government '
'investigating under '
'Active Cyber Defense '
'Law (ACD)']},
'response': {'communication_strategy': ['Public apology for disruptions',
'Updates via media (no direct '
'timeline provided)'],
'containment_measures': ['Partial reopening of factories',
'Isolation of affected systems '
'(likely)'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'recovery_measures': ['Prioritizing shipments to larger '
'customers',
'Limited production resumption'],
'remediation_measures': ['Manual order processing via '
'pen/paper/fax',
'Gradual restoration of IT systems']},
'stakeholder_advisories': ['Apology issued to customers and partners',
'No detailed advisory on mitigation steps'],
'threat_actor': 'Qilin Ransomware Group',
'title': 'Cyber-Attack on Asahi Group Forcing Manual Operations and Supply '
'Chain Disruptions',
'type': ['Ransomware Attack', 'Supply Chain Disruption', 'Data Breach'],
'vulnerability_exploited': ['Legacy IT Systems',
'Low Digital Literacy in Business Software',
'Lack of Cybersecurity Preparedness']}