Overview of the Cyberattack
In late September 2025, Asahi Group Holdings, a leading Japanese food and beverage conglomerate, experienced a significant cyberattack that disrupted its domestic operations. The attack led to system failures affecting production, order processing, and customer service within Japan. While the company’s international operations remained unaffected, the domestic impact was substantial, causing shortages of popular products like Asahi Super Dry beer.
Qilin Ransomware Group Claims Responsibility
On October 7, 2025, the ransomware group known as Qilin claimed responsibility for the attack. Qilin alleged that they had stolen over 9,300 files, totaling approximately 27 gigabytes of data, including financial documents and personal information of employees. They supported their claim by publishing 29 images purportedly showing internal Asahi documents. The authenticity of these documents has not been independently verified.
Confirmation of Data Breach
Asahi Group Holdings confirmed on October 8, 2025, that information believed to have leaked from its systems was found on the internet. The company is actively investigating the extent and details of the leaked data, including whether client-related information was compromised. Asahi has stated that the impact of the cyberattack is limited to its domestic network, with no confirmed effects on its overseas systems.
Operational Impact and Response
The cyberattack led to a temporary halt in production at Asahi Breweries’ six Japanese plants, which resumed operations on October 2, 2025. The system outage also forced the company to postpone new product launches scheduled for that month. Asahi has established an Emergency Response Headquarters and is collaborating with external cybersecurity experts to restore its systems and assess the full impact of the breach.
About the Qilin Ransomware Group
Qilin, active since 2022, operates a ransomware-as-a-service platform, allowing affiliates to conduct attacks in exchange for a percentage of the ransom payments. The group has been linked to numerous cyberattacks worldwide, including a 2024 incident involving UK-based Synnovis, which led to patient fatalities, highlighting their capacity for causing real-world harm.
Ongoing Investigation and Future Measures
Asahi Group Holdings continues to investigate the breach, focusing on identifying the scope of the data compromised and implementing measures to prevent future incidents. The company has apologized for the inconvenience caused and is committed to restoring normal operations as swiftly as possible.
