The Killin ransomware group has claimed an attack on Japanese beer giant Asahi, adding the company to the list of victims on its data leak site.
The threat actor claims to have stolen over 9,300 files totaling 27GB of data. As evidence of the theft, the hackers published 29 images showing internal financial documents, employee IDs, as well as confidential contracts and internal reports.
Asahi is Japan’s largest brewing company, with 30,000 employees, annual production of 100 million hectoliters, annual revenue of $20 billion.
On September 29, the company suspended operations at six Japan-based facilities due to a cyberattack.
On October 3, the company confirmed that the disruption was caused by a ransomware attack on its systems and that a subsequent investigation found evidence of a data intrusion.
At the time, no ransomware group had publicly claimed the attack. However, the Killin gang published the information on the company on their data leak site, possibly after failing to negotiate a ransom with the company.
Source: BleepingComputer
Quillin ransomware emerged in 2023 and is a multi-platform threat that has previously been linked to Scattered Spider and more recently to North Korean hackers.
The group is notorious for exploiting serious flaws in edge network devices, deploying credential theft tools, and continually pushing its encryptors.
The threat group has previously affected Nissan, Inotiv, Lee Enterprises, major London NHS hospitals and Yangfeng.
Killin claims that the attack will cost Asahi up to $335 million, with the data leak resulting in production disruptions at six breweries affecting thirty labels.
BleepingComputer has contacted Asahi regarding the threat actor’s claims and the authenticity of the leaked data samples, but a spokesperson declined to comment, noting that the leak under investigation,
Asahi told BleepingComputer that production of its flagship beer, “Super Dry”, has now resumed due to a temporary manual ordering system being installed.
A company spokesperson said that although the factories are not yet fully operational, shipping for more labels is expected to resume from October 15.
Due to cyber attack and resulting business disruption, the company has suffered losses announced That it will postpone the launch of new products previously scheduled for October 2025.
attend Breach and Attack Simulation Summit and experience future of security verificationHear from top experts and see how AI-powered BAS Changing breach and attack simulations.
Don’t miss the event that will shape the future of your security strategy
