Ransomware gang Qilin today took credit for a data breach at Asahi Group Holdings that forced the company to suspend orders, shipments, and customer service.
Asahi first disclosed the breach on September 29, 2025. A few days later, the company cited ransomware as the culprit.
Asahi is still investigating the scope of the breach and hasn’t stated what the compromised data contained.
Qilin listed Asahi on its data leak site today, claiming it stole 27 GB of files from the company. The ransomware group says the data contains “financial documents, budgets and contracts, as well as personal data of employees, plans and development forecasts of the company.”
Asahi has not verified Qilin’s claim. We do not know if Asahi did or will pay a ransom, how much Qilin demanded, what the compromised data contains, or how attackers breached Asahi’s network. Comparitech contacted Asahi for comment and will update this article if it replies.
“Subsequent investigations have confirmed traces suggesting a potential unauthorized transfer of data,” Asahi says in an October 3, 2025 announcement on its website. “As a result of the containment measures, operations across our domestic group companies—including order placement and product shipment—have been affected. Additionally, we are currently unable to receive email communications from external sources.”
Who is Qilin?
Qilin is a ransomware gang that began taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin is the most active ransomware group so far this year. In 2025 to date, it has take credit for 105 confirmed ransomware attacks, plus 473 unconfirmed attack claims that haven’t been publicly acknowledged by the targeted organizations.
In addition to Asahi, Qilin took credit for three other confirmed attacks on Japanese companies this year:
- Shinko Plastics in June 2025
- Nissan Creative Box in August 2025
- Osaki Medical in August 2025
Fourteen of Qilin’s confirmed attacks this year hit manufacturers, including Asahi and four medical manufacturers.
Ransomware attacks on manufacturers
Comparitech researchers have logged 138 confirmed ransomware attacks on manufacturers in 2025 to date. Some recent examples include:
- Sunrise Company (Japan) reported an August 2025 ransomware attack by unknown attackers
- New Horizons Baking Company (USA) notified 9,476 people of a January 2025 data breach claimed by Cactus
- Farmer Brothers Company (USA) notified 14,460 people of a March 2025 data breach claimed by Chaos
- Monterey Mushrooms notified 2,324 people of an August 2025 data breach claimed by Payouts King
Ransomware attacks on manufacturers can lock down computer systems and steal data. Successful infections can disrupt billing, communications, orders, shipments, and in some cases manufacturing equipment and processes. The attackers demand a ransom to restore infected systems and delete stolen data. If manufacturers refuse to pay up, they face extended downtime, permanent data loss, unauthorized data disclosure, and putting data subjects at increased risk of fraud.
About Asahi Group Holdings, Ltd
Asahi is a Japanese brewer that owns five global beer brands: Asahi, Peroni, Kozel, Pilsner Urquell, and Grolsch. It also makes some non-alcoholic beverages and foods.
