The Qilin ransomware group has claimed the attack on Japanese beer giant Asahi by adding the company to the list of victims on its data leak site.
The threat actor claims to have exfiltrated more than 9,300 files in 27GB of data. As proof of the theft, the hackers published 29 images showing internal financial documents, employee IDs, as well as confidential contracts and internal reports.
Asahi is Japan’s largest brewing company, with 30,000 employees, an annual production of 100 million hectoliters, a yearly revenue of $20 billion.
On September 29th, the company suspended operations at six Japan-based facilities due to a cyberattack.
On October 3rd, the company confirmed that the disruption was caused by a ransomware attack on its systems and the subsequent investigation found evidence of data exfiltration.
At the time, no ransomware groups claimed the attack publicly. However, the Qilin gang published the company on their data leak site, likely after failing to negotiate a ransom with the company.
Source: BleepingComputer
Qilin ransomware emerged in 2023 and is a multi-platform threat that has previously been linked to Scattered Spider and, more recently, to North Korean hackers.
The group is infamous for exploiting critical flaws in edge network devices, deploying credential theft tools, and continually advancing their encryptor.
The threat group has previously hit Nissan, Inotiv, Lee Enterprises, major NHS hospitals in London, and Yangfeng.
Qilin claims that the attack will cause Asahi to lose up to $335 million due to production disruptions at six breweries impacting thirty labels, in the fallout of the data leak.
BleepingComputer has contacted Asahi regarding the threat actor’s claims and the authenticity of the leaked data samples, but a spokesperson declined to comment on that, noting that the leak is under investigation.
Asahi told BleepingComputer that the production of its flagship beer, “Super Dry,” has now resumed thanks to establishing a temporary manual ordering system.
While factories are not yet fully operational, shipping for more labels is expected to resume from October 15, the company spokesperson said.
Due to the cyberattack and the resulting business disruption, the company has announced that it will postpone the launch of new products previously scheduled for October 2025.
Join the Breach and Attack Simulation Summit and experience the future of security validation. Hear from top experts and see how AI-powered BAS is transforming breach and attack simulation.
Don’t miss the event that will shape the future of your security strategy
