Asahi Group

The **Asahi Group**, a Tokyo-based multinational beverage and food company, fell victim to a **ransomware attack** by the **Qilin ransomware group**. The attackers claimed to have exfiltrated **27 GB of sensitive data**, including **personal details of employees**, **financial documents**, **budgets**, **contracts**, **business development plans**, and **forecasts**. The breach caused **significant operational disruptions**, forcing Asahi to **suspend order and shipment operations in Japan**, as well as **shut down call center and customer service desks**. While the company is gradually resuming operations through manual processes, the incident highlights severe **data exposure risks** and **business continuity threats**.The Qilin group, known for its **technically mature RaaS (Ransomware-as-a-Service) model**, has been highly active, accounting for **16% of global ransomware attacks in August 2025**. This attack follows a pattern of targeting Japanese firms, with Asahi being the latest high-profile victim. The stolen data includes **both internal employee records and critical business intelligence**, raising concerns over **long-term financial, reputational, and competitive damage**. Asahi has not publicly confirmed or denied the ransom demands, but the operational halt underscores the **severe impact on core business functions**.

Source: https://www.infosecurity-magazine.com/news/qilin-ransomware-asahi-cyber-attack/

TPRM report: https://www.rankiteo.com/company/asahigroup-holdings

"id": "asa2592025100725",
"linkid": "asahigroup-holdings",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': ['beverage (alcoholic and non-alcoholic)',
                                     'food products'],
                        'location': 'Tokyo, Japan',
                        'name': 'Asahi Group',
                        'size': 'large (global brands: Asahi, Peroni, Kozer, '
                                'Pilsner Urquell, Grolsch, Fullers)',
                        'type': 'corporation'}],
 'data_breach': {'data_exfiltration': 'yes (27 GB of files stolen)',
                 'personally_identifiable_information': 'yes (employee '
                                                        'details)',
                 'sensitivity_of_data': 'high (includes personally '
                                        'identifiable and business-sensitive '
                                        'information)',
                 'type_of_data_compromised': ['personal details (employees)',
                                              'financial documents',
                                              'budgets',
                                              'contracts',
                                              'plans',
                                              'development forecasts']},
 'date_publicly_disclosed': '2025-10-07',
 'description': 'The Qilin ransomware group claimed responsibility for a '
                'cyber-attack on Japan’s Asahi Group, alleging the theft of 27 '
                'GB of sensitive data, including employee personal details, '
                'financial documents, budgets, contracts, plans, and '
                'development forecasts. The attack caused significant '
                'operational disruption, including the suspension of order and '
                'shipment operations, as well as call center services in '
                'Japan. Asahi is in the process of resuming operations with '
                'manual processes.',
 'impact': {'brand_reputation_impact': 'potential negative impact due to data '
                                       'breach and operational disruption',
            'data_compromised': ['employee personal details',
                                 'financial documents',
                                 'budgets',
                                 'contracts',
                                 'plans',
                                 'development forecasts'],
            'downtime': 'ongoing (partial recovery with manual processes)',
            'identity_theft_risk': 'high (employee personal details '
                                   'compromised)',
            'operational_impact': ['suspended order and shipment operations',
                                   'suspended call center operations (customer '
                                   'service desks)'],
            'systems_affected': ['servers',
                                 'order and shipment systems',
                                 'call center operations']},
 'initial_access_broker': {'data_sold_on_dark_web': 'likely (Qilin operates a '
                                                    'data leak site)',
                           'high_value_targets': ['employee data',
                                                  'financial and business '
                                                  'documents']},
 'investigation_status': 'ongoing (Asahi has not responded to Qilin’s claims)',
 'motivation': 'financial gain (ransomware-as-a-service)',
 'ransomware': {'data_exfiltration': 'yes (27 GB)',
                'ransomware_strain': 'Qilin'},
 'references': [{'date_accessed': '2025-10-07', 'source': 'Comparitech'},
                {'source': 'ZeroFox Q3 2025 Ransomware Roundup'},
                {'source': 'NCC Group August 2025 Ransomware Report'}],
 'response': {'incident_response_plan_activated': 'yes (manual order and '
                                                  'shipping processes '
                                                  'initiated)',
              'recovery_measures': ['manual order and shipping processes']},
 'threat_actor': 'Qilin ransomware group',
 'title': 'Qilin Ransomware Attack on Asahi Group',
 'type': ['ransomware', 'data breach']}