Asahi Beer Brewing Still Reeling from Russian Cyberattack; Stock Running Low at Some Stores

By Tomoharu Mizuno, Yukiho Takaichi and Ryohei Fuji / Yomiuri Shimbun Staff Writers

14:09 JST, October 17, 2025

The impact from the computer system failure sparked by a cyberattack at major food and beverage company Asahi Group Holdings, Ltd. is dragging on – and there appears to be no quick fix.

Disruptions to Asahi’s operations caused by the cyberattack in late September have yet to be resolved. Consequently, Asahi has restricted its acceptance of beer orders and shipments of its products, and stock is running low at some stores. The government has pushed for more “active cyber defense,” but the public and private sectors must work together to swiftly bolster efforts to combat the threat posed by cyberattacks.

In a message posted on its website on the evening of Oct. 7, Qilin – a hacking group believed to be based in Russia – claimed responsibility for the cyberattack about a week after it occurred.

Qilin conducts cyberattacks that involve the use of ransomware, a virus that infiltrates a computer or server and encrypts a victim’s files or renders data unusable. Such attackers often demand payment of a ransom in exchange for restoring the data. Qilin claimed to have stolen at least 9,300 Asahi files, or about 27 gigabytes of data, which included financial documents, business plans and personal information on Asahi’s employees. The group later released images of some of the stolen files.

In a statement issued Tuesday, Asahi said the company had “identified the possibility that personal information may have been subject to unauthorized data transfer.” Asahi said details of this incident were still being investigated.

The cyberattack’s impact on Asahi is extremely serious. The computer system used by the group’s domestic companies has experienced major problems, such as not booting up. Asahi halted its order acceptance and shipping operations, and the company still has not set a date for the system to be fully back online. Asahi has managed to resume shipments of some products and is taking orders by telephone, fax and other channels.

Asahi has not revealed whether Qilin has demanded a ransom. However, one computer security source told The Yomiuri Shimbun, “It’s highly possible the hackers publicly released some information, and are threatening to release more, because a ransom hasn’t been paid.”

Ransomware attacks tie record

According to National Police Agency statistics, there were 116 reported ransomware attacks on Japanese companies and other entities in the first six months of 2025, matching the six-month record set in the second half of 2022. A growing number of such attacks appear to be targeting small and midsize companies, which generally have weaker cyber defenses.

There has been a string of cases in which the damage caused by a ransomware attack lasted much longer due to the sheer size and complexity of the affected computer system. In June 2024, major publisher Kadokawa Corp. was stung by a cyberattack and suspended its video streaming services for about two months.

According to Takashi Yoshikawa of cybersecurity firm Mitsui Bussan Secure Directions, Inc., hacking groups launch an attack after gaining access to company computer systems through such means as using workplace authentication information stolen from an individual’s computer and exploiting weaknesses in the network.

As the threat of cyberattacks is mounting, the government in July established the National Cybersecurity Office based on the law related to “active cyber defense” to help prevent major attacks before they occur. Government bodies as well as companies across 15 sectors including power, finance and telecommunications have been designated as critical infrastructure operators.

If an analysis of collected information reveals there is a high possibility of a cyberattack on these operators, the police and the Self-Defense Forces will infiltrate the perpetrator’s server and block the attack. These operations will be rolled out in stages from next year.

In a bid to bolster the defenses of entities other than the 15 critical infrastructure operators, the government will next year launch a public-private council. The government plans for this council to collect information from companies targeted by cyberattacks, and then provide details about how the attacks were carried out to other companies and local governments. Information about the Asahi case will also reportedly be shared.