Qilin Ransomware Hits Asahi Brewery, Leaks Sensitive Data
▼ Summary
– The Qilin ransomware group claimed responsibility for attacking Asahi and published stolen data including financial documents and employee IDs.
– Asahi confirmed the ransomware attack caused operational disruptions at six facilities and involved data exfiltration from their systems.
– Qilin ransomware is a multi-platform threat active since 2023, known for exploiting network vulnerabilities and targeting major organizations.
– Production disruptions are estimated to cost Asahi up to $335 million, though partial operations have resumed with temporary manual systems.
– Asahi has postponed new product launches scheduled for 2025 due to the cyberattack’s impact on business operations.
A major cyberattack has struck Japanese beverage leader Asahi, with the Qilin ransomware group claiming responsibility and leaking thousands of sensitive internal documents. The hackers assert they stole over 9,300 files totaling 27GB of data, releasing 29 images as proof that include confidential financial records, employee identification cards, private contracts, and various internal reports. This security breach represents a significant threat to corporate data integrity and operational continuity.
Asahi, which employs approximately 30,000 people and generates around $20 billion in annual revenue, first experienced system disruptions on September 29th. The incident forced the temporary shutdown of six production facilities across Japan. By October 3rd, company officials confirmed the event was a ransomware attack and that their investigation uncovered clear evidence of data exfiltration. Initially, no hacking group publicly took credit for the intrusion.
The Qilin gang later listed Asahi on its dedicated data leak site, a common tactic used when ransom negotiations between attackers and the targeted organization break down. Security researchers note that Qilin emerged during 2023 as a multi-platform threat with suspected connections to other notorious hacking collectives. This group has built a reputation for exploiting critical vulnerabilities in network perimeter devices, utilizing credential-stealing malware, and consistently refining their encryption tools.
Previous high-profile targets of the Qilin ransomware operation include global corporations like Nissan, Inotiv, and Lee Enterprises, in addition to major NHS hospitals in London and the automotive supplier Yangfeng. The group claims the attack on Asahi’s brewing operations will result in financial damages reaching $335 million, citing production halts affecting six breweries and approximately thirty different beer labels.
When contacted for verification, Asahi’s representatives declined to comment on the authenticity of the leaked samples, stating the matter remains under active investigation. The company did confirm that production of its flagship “Super Dry” beer has recommenced following the implementation of a temporary manual ordering process. Although factories have not yet returned to full capacity, the company anticipates that shipping for additional product lines will restart around October 15th.
Due to the extensive disruption caused by the cyber incident, Asahi has decided to postpone the launch of new products originally planned for October 2025. This strategic delay highlights the long-term operational and financial repercussions that can follow a significant ransomware attack, even after immediate production issues are partially resolved.
(Source: Bleeping Computer)
