The notorious ransomware group Qilin has claimed responsibility for a cyberattack on Japan’s Asahi Group Holdings, a leading global beer and beverage producer. The breach, which was first detected on September 29, forced a temporary production halt across Asahi’s six beer plants in Japan before operations resumed on October 2, according to the company’s brewing subsidiary, Asahi Breweries. The attack marks another major strike by the group, which has previously targeted large corporations and critical infrastructure worldwide.
Qilin posted 29 images online, purportedly showing internal Asahi Group documents, and claimed to have stolen over 9,300 files—amounting to about 27 gigabytes of data. Although Reuters could not independently verify the authenticity of the leaked files, cybersecurity analysts warn that such data breaches can have long-term operational and reputational consequences for affected firms. Asahi’s European division redirected inquiries to its Tokyo headquarters, which has yet to comment on the incident, while Qilin itself did not respond to requests for clarification.
Cyber experts describe Qilin as one of the most aggressive ransomware networks currently operating. The group runs a ransomware-as-a-service (RaaS) model, enabling criminal affiliates to conduct attacks in exchange for a share of ransom proceeds. Emerging in 2022, Qilin has been linked to nearly 870 recorded cyber intrusions globally, according to research data from eCrime.ch, a cybercrime intelligence platform. Its most infamous strike occurred in June 2024, when it crippled British medical diagnostics firm Synnovis, an incident British officials later said contributed to a hospital patient’s death in London.
April Lenhard, Principal Product Manager at cybersecurity company Qualys, described Qilin as “disruptive, highly active, and willing to create real-world chaos.” The Asahi hack underscores the escalating threat posed by such cybercriminal groups, which increasingly target high-profile corporations with global operations. The incident also highlights the growing vulnerabilities within the manufacturing and beverage sectors, as attackers exploit digital dependencies to inflict financial damage and public disruption