What's happened
Since September 29, 2025, Asahi Group Holdings has faced a ransomware cyberattack disrupting its Japanese operations. The attack halted production at most of its 30 factories, suspended orders, shipments, and call center functions. Hacker group Qilin claims to have stolen 27GB of data. Asahi has no timeline for full recovery and postponed its earnings release scheduled for November 12.
What's behind the headline?
Impact on Japan's Supply Chain and Economy
The ransomware attack on Asahi Group Holdings exposes vulnerabilities in Japan's intricate supply chains, where digital disruptions ripple quickly from factories to retail shelves. Asahi's halt in production at most of its 30 plants has led to warnings from major retailers like 7-Eleven and FamilyMart about imminent shortages of popular products such as Asahi Super Dry beer and Mitsuya Cider.
Cybersecurity Landscape and Threat Actor
Qilin, the hacker group behind the attack, operates a ransomware-as-a-service platform known for aggressive and disruptive campaigns, including a previous hack linked to a patient death in London. Their claim of stealing 27GB of data, including financial and employee information, highlights the growing sophistication and impact of cyber threats on major corporations.
Corporate and Market Consequences
Asahi's inability to process orders and shipments, alongside manual handling of operations, has forced the postponement of earnings results and new product launches. Analysts predict a significant reduction in fourth-quarter operating profits if disruptions persist. Despite the crisis, Asahi's shares showed some recovery after initial declines, reflecting market uncertainty.
Broader Implications for Japan
This incident underscores Japan's increasing exposure to cyberattacks despite its relatively strong cybersecurity posture. The attack highlights the need for enhanced resilience in critical infrastructure and supply chains, especially in sectors vital to daily life and the economy.
Outlook
Without a clear timeline for system restoration, Asahi faces ongoing operational challenges. The attack will likely prompt intensified cybersecurity measures across Japanese industries and may accelerate government and corporate efforts to bolster defenses against ransomware and other cyber threats.
What the papers say
Kanoko Matsuyama in The Japan Times details the operational impact, noting Asahi's manual order processing and uncertain recovery timeline, while highlighting warnings from retailers about product shortages. Holly Williams in The Independent emphasizes the suspension of order and shipment activities and the potential depletion of Asahi Super Dry stock within days, also noting the unaffected overseas operations. Bloomberg provides insight into the hacker group Qilin, describing its ransomware-as-a-service model and aggressive tactics, including previous high-profile attacks. The Guardian's Justin McCurry focuses on the cultural significance of Asahi Super Dry in Japan and the competitive brewing market, illustrating the broader economic and social impact. Business Insider UK and AP News report on the suspension of shipments and call center operations, with Business Insider noting the stock price decline and retailer warnings. These varied perspectives collectively paint a comprehensive picture of the cyberattack's operational, economic, and cultural ramifications.
How we got here
Asahi Group Holdings, Japan's largest brewery, was hit by a ransomware attack on September 29, 2025, which disabled its ordering and delivery systems. The attack forced suspension of operations across most of its 30 Japanese plants, affecting supply chains and prompting warnings of product shortages. The hacker group Qilin claimed responsibility, stating they stole extensive company data.
Go deeper
- How did the ransomware attack affect Asahi's production and supply chain?
- What data did the hacker group Qilin claim to have stolen from Asahi?
- What are the broader implications of this cyberattack for Japan's cybersecurity?
Common question
-
What Is the Impact of the Cyberattack on Asahi Group?
A major cyberattack has recently disrupted Asahi Group Holdings, one of Japan's leading beverage companies. This incident has raised questions about cybersecurity resilience in the industry and its broader implications. Below, we explore what happened, how it affects supply chains, and what it means for Japanese and global cybersecurity efforts.
-
How Are Cyberattacks Affecting Major Companies and Supply Chains Today?
Recent cyberattacks are causing significant disruptions for large companies and their supply chains. From factory shutdowns to product shortages, these incidents raise important questions about cybersecurity and their wider impact. Below, we explore how cyber threats are impacting businesses, what consumers need to know, and how companies are responding to these growing risks.
-
What Was the Asahi Cyberattack and How Did It Impact Japan?
The recent cyberattack on Japan's Asahi Group has caused widespread disruption, halting production at most of its factories and threatening supply chains. This incident raises important questions about cybersecurity risks facing major companies and the broader implications for global industries. Below, we explore what happened, how companies are responding, and what industries are most at risk.
-
What Is the Extent of the Cyberattack on Asahi Group?
A major cyberattack has severely impacted Asahi Group Holdings, disrupting its operations across Japan and raising concerns about cybersecurity in the corporate world. Many are wondering how deep this attack goes, what parts of the company are affected, and what it means for the future. Below, we explore the key questions surrounding this crisis, including the scope of the attack, its impact on factories, and what steps companies are taking to prevent similar incidents.
-
Who Was Targeted in the Recent Cyberattack in Japan?
A major cyberattack has recently disrupted operations at one of Japan's largest companies, raising questions about who was targeted and what the impact has been. Understanding the details of this attack can help you grasp the broader risks facing businesses today. Below, we explore key questions about the incident, the hacker group involved, and what it means for companies worldwide.
More on these topics
-
A cyberattack (or cyber attack) occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.
The rising dependence on increasingly complex and interconnected..
-
Japan is an island country of East Asia in the northwest Pacific Ocean. It borders the Sea of Japan to the west and extends from the Sea of Okhotsk in the north to the East China Sea and Taiwan in the south.
-
Tokyo, officially the Tokyo Metropolis, is the capital and most populous city in Japan. With a population of over 14 million in the city proper in 2023, it is one of the most populous urban areas in the world. The Greater Tokyo Area, which includes Tokyo.