Asahi Group Holdings, the maker of **Asahi Super Dry**, suffered a **sophisticated ransomware attack** in late September 2023, attributed to the Russian-linked hacker group **Qilin**. The attack disrupted operations for nearly **three months**, forcing the company to **delay financial disclosures** (third-quarter and full-year earnings) and **halt production** across its 30 domestic factories due to system-wide shutdowns. While six beer factories later resumed operations, order processing reverted to manual methods to avoid shortages. The breach caused **supply chain disruptions**, with shipments resuming gradually as systems were restored. Japanese media reported full recovery would take until **February 2024**. The CEO emphasized the attack was **beyond their cybersecurity measures**, describing it as 'cunning' and refusing ransom negotiations. The incident highlights Japan’s broader vulnerability to cyber threats, with a recent survey revealing **one-third of Japanese businesses** experienced attacks in 2023.
Source: https://www.digitaljournal.com/world/beer-giant-asahi-not-engaging-with-ransomware-hackers/article
Asahi Group Holdings cybersecurity rating report: https://www.rankiteo.com/company/asahigroup-holdings
{
  "id": "ASA4032640112725",
  "linkid": "asahigroup-holdings",
  "type": "Ransomware",
  "date": "9/2023",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization’s existence"
}
{'affected_entities': [{'industry': 'Beverage (Brewery)',
                        'location': 'Japan',
                        'name': 'Asahi Group Holdings, Ltd.',
                        'size': 'Large (global corporation)',
                        'type': 'Public Company'}],
 'customer_advisories': ['Apology for inconvenience caused by supply '
                         'disruptions.',
                         'Assurance that production is resuming in stages.'],
 'data_breach': {'data_encryption': True},
 'date_detected': '2023-09-29',
 'date_publicly_disclosed': '2023-09-29',
 'description': 'Japanese beer giant Asahi Group Holdings, maker of Asahi '
                'Super Dry, was hit by a sophisticated ransomware attack in '
                'late September 2023. The attack, attributed to the '
                'Russian-based hacker group Qilin, disrupted operations for '
                'nearly three months, delaying financial reporting and causing '
                'production halts. Asahi refused to negotiate or pay any '
                'ransom, opting instead to restore systems manually. The '
                'incident highlights broader cybersecurity vulnerabilities '
                'among Japanese corporations, with experts noting a cultural '
                'reluctance to prioritize cybersecurity investments.',
 'impact': {'brand_reputation_impact': 'Moderate (public acknowledgment of '
                                       'attack, delayed financial reporting, '
                                       'and operational disruptions)',
            'downtime': 'Approximately 3 months (as of December 2023, with '
                        'full recovery expected by February 2024)',
            'operational_impact': ['Production halts at 30 domestic factories '
                                   '(temporarily resumed at 6 beer factories '
                                   'via manual order processing)',
                                   'Delayed third-quarter and full-year '
                                   'financial results',
                                   'Disruption to supply chain and product '
                                   'shipments'],
            'systems_affected': ['Corporate IT systems',
                                 'Financial reporting systems',
                                 'Order processing systems']},
 'initial_access_broker': {'high_value_targets': ['Corporate IT systems',
                                                  'Financial data']},
 'investigation_status': 'Ongoing (as of December 2023)',
 'lessons_learned': ["The attack was described as 'beyond imagination' in "
                     "sophistication, indicating gaps in Asahi's cybersecurity "
                     'preparedness.',
                     'CEO acknowledged that existing preventive measures were '
                     'insufficient against advanced threats.',
                     'Highlighted broader cultural issues in Japan regarding '
                     'cybersecurity investment and prioritization.'],
 'motivation': 'Financial (ransomware extortion)',
 'post_incident_analysis': {'root_causes': ['Insufficient cybersecurity '
                                            'measures against sophisticated '
                                            'attacks.',
                                            'Potential lack of network '
                                            'segmentation or advanced threat '
                                            'detection.']},
 'ransomware': {'data_encryption': True},
 'recommendations': ['Increase cybersecurity investments without solely '
                     'focusing on ROI justification.',
                     'Enhance threat detection and response capabilities for '
                     'sophisticated attacks.',
                     'Improve incident response planning to minimize '
                     'operational downtime.',
                     'Conduct regular security audits and red-team exercises '
                     'to test defenses.'],
 'references': [{'source': 'AFP (Agence France-Presse)'},
                {'source': "Japanese media reports (interpretation of Qilin's "
                           'statement)'}],
 'response': {'communication_strategy': ['Public press conference by CEO '
                                         'Atsushi Katsuki',
                                         'Delayed financial disclosures with '
                                         'promises of transparency '
                                         'post-recovery',
                                         'Apologies to customers for '
                                         'inconvenience'],
              'containment_measures': ['Isolation of affected systems',
                                       'Manual order processing to mitigate '
                                       'supply chain disruptions'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['Expected full system recovery by February '
                                    '2024'],
              'remediation_measures': ['System restoration (ongoing as of '
                                       'December 2023)',
                                       'Gradual resumption of production']},
 'stakeholder_advisories': ['Delayed financial results will be disclosed once '
                            'systems are restored.',
                            'Gradual resumption of production and shipments in '
                            'progress.'],
 'threat_actor': 'Qilin (suspected Russian-based hacker group)',
 'title': 'Ransomware Attack on Asahi Group Holdings',
 'type': 'Ransomware Attack'}