Asahi Group Holdings Ltd., Japan’s largest beer brewer, suffered a ransomware attack by the Russian-speaking hacker group Qilin, which disrupted operations for over a week. The attack led to the theft of approximately **27 GB of data**, including **financial documents, contracts, development forecasts, and employees’ personal information**. The breach forced Asahi to **halt production at nearly 30 domestic factories**, crippling distribution and limiting orders to only its flagship *Asahi Super Dry* brew. While plants were gradually restored by mid-October, output remained below normal capacity. The stolen data was later found leaked online, though Asahi declined to confirm specifics. The incident caused supply chain disruptions, prompting competitors like Kirin, Sapporo, and Suntory to ramp up production to meet market demand. Qilin, known for **double-extortion tactics** (encrypting files and threatening to publish stolen data), has previously targeted over 100 companies globally, including a **$50M ransomware attack on UK hospital lab provider Synnovis** in 2024. The attack underscored Japan’s vulnerability to cyber threats, with ripple effects across factories, retailers, and restaurants.
Source: https://www.claimsjournal.com/news/national/2025/10/08/333400.htm
TPRM report: https://www.rankiteo.com/company/asahigroup-holdings
{
  "id": "asa2492424100825",
  "linkid": "asahigroup-holdings",
  "type": "Ransomware",
  "date": "6/2024",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': ['retailers',
                                               'restaurants',
                                               'consumers (indirectly via '
                                               'shortages)'],
                        'industry': ['Beverage', 'Brewery', 'Food & Beverage'],
                        'location': 'Tokyo, Japan',
                        'name': 'Asahi Group Holdings Ltd.',
                        'size': 'Large (global operations)',
                        'type': 'Public Company'}],
 'attack_vector': ['phishing',
                   'exploiting vulnerabilities',
                   'malware deployment'],
 'customer_advisories': ['Indirect communication via retailers/restaurants on '
                         'product availability'],
 'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
                 'data_exfiltration': 'Confirmed (27 GB leaked; screenshots '
                                      'published by Qilin)',
                 'file_types_exposed': ['documents',
                                        'spreadsheets',
                                        'databases (assumed)'],
                 'personally_identifiable_information': "Yes (employees' data)",
                 'sensitivity_of_data': 'High (financial + personal data)',
                 'type_of_data_compromised': ['financial records',
                                              'contracts',
                                              'business forecasts',
                                              'PII (employees)']},
 'date_detected': '2024-09-29',
 'date_publicly_disclosed': '2024-09-29',
 'description': 'A Russian-speaking hacker group known as Qilin claimed '
                'responsibility for a ransomware attack on Asahi Group '
                "Holdings Ltd., Japan's largest beer brewer. The attack "
                'disrupted operations for over a week, leading to production '
                'halts at roughly 30 domestic factories. The group stole '
                'approximately 27 GB of data, including financial documents, '
                "contracts, development forecasts, and employees' personal "
                'information. Asahi confirmed leaked information was found '
                'online but did not disclose further investigation details. '
                'Production is expected to resume partially by October 10 '
                '(Thursday), though output will remain below normal. Rival '
                'breweries (Kirin, Sapporo, Suntory) are compensating for '
                'shortages, with Suntory canceling limited-edition beer '
                'launches to prioritize mainstay products. Qilin, active since '
                'mid-2022, employs double-extortion tactics (encryption + data '
                'theft) and has targeted over 100 companies globally, '
                "including a $50M attack on UK's Synnovis in 2024.",
 'impact': {'brand_reputation_impact': 'Potential damage due to production '
                                       'delays and data leak',
            'data_compromised': ['financial documents',
                                 'contracts',
                                 'development forecasts',
                                 "employees' personal information"],
            'downtime': '>1 week (production halt at ~30 factories)',
            'identity_theft_risk': "High (employees' personal information "
                                   'exposed)',
            'operational_impact': ['manual order processing (phone-based)',
                                   'limited product shipments (only Asahi '
                                   'Super Dry initially)',
                                   'reduced output post-recovery',
                                   'supply chain disruptions'],
            'systems_affected': ['production systems',
                                 'distribution networks',
                                 'order processing']},
 'initial_access_broker': {'data_sold_on_dark_web': 'Likely (Qilin published '
                                                    'screenshots as proof)',
                           'high_value_targets': ['financial data',
                                                  'employee PII',
                                                  'business forecasts']},
 'investigation_status': 'Ongoing (no details disclosed)',
 'motivation': ['financial gain', 'extortion'],
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes (double-extortion)',
                'ransom_paid': 'Unclear (no confirmation of payment or '
                               'refusal)',
                'ransomware_strain': 'Qilin'},
 'references': [{'source': 'Bloomberg'},
                {'source': "Qilin's dark web blog"},
                {'source': 'Asahi Group Holdings Ltd. public statement '
                           '(2024-10-09)'}],
 'response': {'communication_strategy': ['public statement on 2024-10-09 '
                                         '(Wednesday)',
                                         'spokesperson updates',
                                         'no details on ransom negotiations'],
              'containment_measures': ['isolation of affected systems',
                                       'manual order processing'],
              'incident_response_plan_activated': 'Yes (partial recovery '
                                                  'ongoing)',
              'recovery_measures': ['gradual resumption of production (by '
                                    '2024-10-10)',
                                    'prioritization of key products (Asahi '
                                    'Super Dry)',
                                    'expanded shipments from 2024-10-15'],
              'remediation_measures': ['system restoration from backups '
                                       '(assumed)']},
 'stakeholder_advisories': ['Limited public updates via spokesperson'],
 'threat_actor': 'Qilin (Russian-speaking hacker group)',
 'title': 'Ransomware Attack on Asahi Group Holdings Ltd. by Qilin Hacking '
          'Group',
 'type': ['ransomware', 'data breach', 'operational disruption']}