Hack on Japan’s biggest brewer renews concerns over cyberattack readiness
By John Liu, Junko Ogura, CNN
Hong Kong/Tokyo (CNN) — Japan’s favorite beer brand is reeling from a cyberattack that paralyzed its production last week. Its factories have started brewing again, and some truckloads of beer are leaving its warehouses, but the attack has spotlighted the poor cybersecurity readiness among top-tier companies in the world’s fifth-largest economy.
Beer and beverage giant Asahi – which makes Asahi Super Dry Beer, Nikka Whisky and owns foreign brands like Peroni, Pilsner Urquell and Grolsch – said the attack last week halted order placement and shipping operations and forced it to shut down production at most of its 30 factories nationwide. That led to shortages of the popular beer and other Asahi products at convenience stores in Japan.
On Tuesday, Qilin, a ransomware group with a track record of infiltrating organizations around the world, claimed responsibility, saying it had stolen around 27 gigabytes of data.
All six of Asahi’s alcohol factories nationwide have now resumed operations, but it remains unclear when their production and shipment will be back to full service.
Cybersecurity experts said the impact of the hack underscored the vulnerabilities and lack of preparedness among Japanese corporations, particularly when it comes to ransomware attacks in which hackers lock victims out of their systems and demand payments for restoration. It’s not known if a ransom was demanded from Asahi.
While Japan boasts world-class robotics and other high-tech industries, it is also beset by a lack of skilled tech workers and low digital literacy rates among sections of its rapidly ageing population. Experts have also highlighted an “acute” shortage of cybersecurity professionals in Japan, with a 2023 study by US-based internet security organization ICS2 finding the supply-demand gap of those talents rapidly widening.
In the first six months of this year, Japan’s National Police Agency reported 116 ransomware attacks on companies and individuals. Its survey also suggested the recovery costs for such attacks have increased compared to 2024, with the percentage of organizations that incurred more than $66,000 in costs increasing from 50% to 59%.
But the real number of ransomware attacks is likely “ten times” higher, given that many organizations may be less inclined to report the incidents, Cartan McLaughlin, CEO of Tokyo-based cybersecurity firm Nihon Cyber Defense, told CNN.
The attack against Asahi is the fourth cyber operations launched by Qilin against Japanese companies since June this year, according to Comparitech, a tech research site.
The cybercrime group emerged in 2022 and has claimed more than 100 of confirmed ransomware attacks this year, the site said.
Information Qiling claimed to have stolen from Asahi included budget, contracts, and personal data, shown in some 29 images posted on its website, according to a screenshot of the site supplied by a cybersecurity firm, which requested not to be named because of sensitivity. Part of the information has been made publicly available, Qilin said.
CNN could not immediately verify the authenticity of that information.
Responding to CNN inquiries about Qilin’s claims, Asahi said the cyberattack remains under investigation. The company has previously said it was investigating potential unauthorized transfer of data.
On Wednesday, Japan’s Chief Cabinet Secretary Yoshimasa Hayashi said the government will work to strengthen cybersecurity measures across Japan in response to Asahi’s attack, warning that “system failures caused by cyberattacks could jeopardize national and public safety.”
‘Wake-up call’
For years, Japanese enterprises have been relatively insulated from cyberattacks, in partly due to the language barrier, experts said. But advances in technology have significantly lowered the threshold for launching cyber operations against Japanese companies.
That lack of attacks in previous years, however, has had a negative outcome — many companies now lack practical experience in responding to cyber incidents, according to McLaughlin of Nihon Cyber Defense.
“Japan was slower to the game than the rest of the world,” he said. “You can buy all the cyber technology in the world. But if it’s not implemented and managed properly, then there’s no point in buying it.”
McLaughlin said the ransomware attack on Asahi and its consequences serve as another “wake-up call” for Japan as the impact of cyber breaches is becoming ever larger.
In late August, hackers hit luxury carmaker Jaguar Land Rover’s operations, forcing its factories in the United Kingdom to shut down for weeks. That hack has caused over 2 billion pounds ($2.7 billion) in losses, analysts estimated, with the carmaker’s plants yet to return to full capacity.
In response to growing concerns about cybercrime, Japan passed a sweeping new cybersecurity law in May, granting the government more power to defend the country and its businesses against cyber threats. In July, the National Cybersecurity Office was also established to oversee the country’s cyber defense strategy.
The fact that even well-established Japanese companies like Asahi can still be affected by cyberattacks highlights that such incidents have become “inevitable” in today’s environment, Masaki Hiraoka, managing director for North East Asia at Blackpanda, a cyber emergency response firm, told CNN.
The rapid advancement of artificial intelligence “enables threat actors to localize and automate their attacks more effectively,” making it easier than ever to target large enterprise and cyber infrastructure, he said.
Given that no company can be completely immune to cyber threats, Hiraoka said the priority should be “not only on preventing breaches, but also on responding and recovering effectively when they occur.” To minimize disruptions, he added, companies need to establish clear response strategies in advance, such as partnerships with cyber incident response providers.
Even as Asahi resumed shipments last week, demand for its popular alcoholic and non-alcoholic drinks outpaced its delivery capacity.
Spokespeople from Japan’s three largest convenience store chains all told CNN that they were experiencing some shortages of Asahi products, or worried about their stocks.
“Asahi Super Dry is a top-selling beer in Japan, so it would be sad if it disappeared from stores. I just hope people don’t start hoarding it,” Tokyo housewife Shoko Watanabe, 58, said.
“I never imagined a major Japanese corporation could be so easily and severely impacted by this kind of cyberattack.”
The-CNN-Wire
™ & © 2025 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
CNN’s Yumi Asada and Yosuke Tomida contributed to this report.
