A ransomware group known as Qilin stepped forward on Tuesday, claiming responsibility for a cyberattack on Japan’s Asahi Group Holdings, a major conglomerate with interests spanning from beverages to media. The incident, which had previously led to a halt in operations, particularly affected Asahi Breweries, the beer-making subsidiary of Asahi Group. Asahi Breweries announced on Monday that production had resumed at its six Japanese beer plants on October 2, following a shutdown that began on September 29 due to the security breach.
Qilin, which operates on a ransomware-as-a-service (RaaS) model, posted 29 images purportedly showing internal documents from Asahi Group on its dark web site. The group alleges that it has exfiltrated over 9,300 files, amounting to approximately 27 gigabytes of sensitive data. While the authenticity of these claims has yet to be independently verified, the group’s history suggests a capability for significant data theft and disruption.
Contacted for further information, Asahi Group’s European subsidiary directed all inquiries back to the main office in Japan. Asahi Group did not provide a response to an emailed request for comment outside of office hours. Similarly, Qilin did not engage with a request for comment from our news outlet.
Emerging in 2022, Qilin has quickly become one of the most prolific ransomware groups, with nearly 870 attributed attacks, according to data from the cybercrime research platform eCrime.ch. The group’s business model involves allowing other malicious actors to execute attacks in return for a share of the ransom payments. Qilin’s operations have not been limited to causing financial strain; they have also resulted in real-world consequences. For instance, the group was implicated in the June 2024 hack of Synnovis, a British diagnostic services provider. The attack on Synnovis was cited by officials in June 2025 as a contributing factor to the tragic death of a patient at a London hospital.
April Lenhard, the principal product manager at cybersecurity firm Qualys, characterized Qilin as “one of the most aggressive ransomware operations currently in circulation.” She highlighted the group’s disruptive nature and their propensity for creating significant chaos, noting that they are “disruptive, highly active, and willing to create real-world chaos.”
The Asahi Group incident underscores the growing threat posed by ransomware attacks, which are increasingly targeting large multinational corporations. The Qilin group’s ability to infiltrate and disrupt operations at such entities raises concerns about the security measures in place at major companies and the potential for further cyberattacks that could impact global operations and, as seen in the Synnovis case, even public health outcomes.
Asahi Group’s recovery efforts and the extent of the damage caused by the data breach remain under scrutiny, with cybersecurity experts likely to analyze the incident for lessons in corporate defense strategies against ransomware. The situation also calls attention to the need for robust cybersecurity protocols and the readiness of companies to respond to such attacks, especially given the potential for life-threatening consequences as demonstrated by Qilin’s past activities.
The public is advised to stay informed about the latest cybersecurity threats and for organizations to reassess their security postures in light of these aggressive tactics employed by ransomware groups like Qilin.
Source: Reuters
