The Qilin ransomware group has officially claimed responsibility for the recent cyberattack on Japan’s Asahi Breweries, publishing proof-of-hack samples and boasting of a massive data theft. This development follows Asahi’s confirmation last week that a ransomware incident disrupted beer production across Japan.
According to Qilin’s leak site, the group allegedly exfiltrated around 27GB of data from Asahi’s internal systems, including financial documents, employee IDs, contracts, and confidential reports. To back its claims, Qilin posted 29 sample files and screenshots, which cybersecurity researchers have verified as likely originating from Asahi’s corporate network.
Scope of the Data Leak
The leaked data reportedly contains over 9,300 files, some referencing internal projects, budgets, and employee details. Investigators have not yet independently confirmed the authenticity of all materials, but the samples align with legitimate corporate data structures.
Qilin further claimed that the disruption could cost Asahi up to $335 million, citing downtime across six domestic breweries and a delay affecting more than 30 product labels, including flagship brands such as Asahi Super Dry.
Asahi has yet to comment directly on Qilin’s statements but has acknowledged that data linked to the company was found online. Investigations continue in cooperation with cybersecurity specialists and law enforcement authorities.
Asahi’s Recovery Efforts Continue
The attack, which occurred in late September, temporarily halted production and disrupted shipment systems across Japan. By October 2, Asahi resumed limited operations at all six domestic breweries, gradually restoring production capacity.
The company has also partially resumed Super Dry shipments, with full-scale distribution expected by mid-October. While overseas operations remain unaffected, local sales channels have been managing orders manually via phone and fax during system restoration.
Qilin’s Ransomware Footprint
Qilin, active since at least 2022, operates as a ransomware-as-a-service (RaaS) platform. The group has targeted sectors ranging from healthcare and manufacturing to government institutions. Notably, Qilin was behind attacks on the UK’s Synnovis pathology network and several European service providers earlier this year.
The group is known for publishing exfiltrated data in stages to pressure victims, often starting with partial “proof packs” before full disclosure if ransom demands go unmet. Analysts suggest Qilin’s tactics mirror those of other professionalized RaaS operations, blending financial extortion with public-relations theatrics.
Final Thoughts
The Asahi Brewery incident now joins a growing list of high-profile Qilin ransomware attacks. While Asahi has made progress restoring operations, the group’s data leak claim adds a new layer of concern about the exposure of sensitive internal information.
Cybersecurity experts warn that the fallout could extend beyond immediate disruption, potentially impacting supply chains, regulatory compliance, and brand trust as Japan’s beverage giant works to fully recover.
