Ransomware hacker group, Qilin, which offers third parties its ransomware service in exchange for a cut of money extorted, has claimed responsibility for the recent cyberattack on Asahi which brought its Japanese supply chain to its knees.
On 7 October 2025, the ransomware-as-a-service (RaaS) group known as Qilin claimed responsibility for a cyberattack that struck Asahi Group Holdings on 29 September, alleging the theft of about 27 gigabytes of internal data. The location of the group is unknown, although there are indications that is based in Russia,
The fraudsters published images it asserted were internal documents including contracts, forecasts, budgets and human-resources files obtained in the attack, and claimed that about 9,300 files had been stolen.
Asahi has formally acknowledged the ransomware incident, stating that its immediate priority is product supply while it assesses impacts on full-year earnings.
Since the attack, Asahi has confirmed that ordering, shipping and customer-service systems were disrupted, forcing its largest brewing arm to revert temporarily to manual processes. Production of beer was suspended during the outage, although the brewer has now resumed operations at six domestic plants from 2 October, enabling partial shipments of its flagship Asahi Super Dry to recommence. The brewer aims to back up to speed on brewing output by 15 October.
Asahi claims the impact of the incident is confined to Japan and says it is still investigating the extent of data exposure.
Recovery remains ongoing with core systems for ordering and logistics still offline at the time of reporting. Staff have had to process orders by phone or fax, and to share customer or order data via spreadsheets.
The disruption has rippled across Japan’s beverage ecosystem. Many bars, restaurants and convenience stores have reported reduced supply of Asahi products, prompting some outlets to switch over to competitor brands. Rival brewers such as Kirin, Sapporo and Suntory have reportedly adjusted their shipments to exploit shifting demand while Asahi works to restore its digital infrastructure.
Qilin first appeared significantly on the cyberthreat scene in 2022, through its operation of an RaaS model that enables affiliates to carry out attacks using its malware in exchange for a share of extortion proceeds. In 2023, Qilin’s typical ransom demand was anything from US$50,000 to U$800,000, according to Group-IB, a cybersecurity firm which infiltrated the group that year.
Security trackers now attribute hundreds of global intrusions to Qilin’s operations, including an especially serious 2024 attack on UK diagnostic provider Synnovis, which British health officials later linked to causing a patient’s death.
