Asahi has confirmed it has been the victim of a ransomware attack, resulting in an “unauthorized transfer of data” from its servers. The Japanese brewing company provided an update on 3 October 2025, one week after disclosing that it had been targeted by a cyberattack, which forced it to suspend some domestic operations in Japan. The company established an Emergency Response Headquarters to investigate the incident, which discovered that the attack was related to ransomware.
“Subsequent investigations have confirmed traces suggesting a potential unauthorized transfer of data. We are conducting an investigation to determine the nature and scope of the information that may have been subject to unauthorized transfer,” Asahi wrote. The firm said it isolated affected systems to try and safeguard critical data, including the personal information of customers and business partners.[1]
No information has been provided on whether a ransom demand has been issued by the hackers. “To prevent further damage, we are withholding specific details regarding the cyber-attack,” Asahi added. No ransomware group has claimed responsibility for the attack at the time of writing.
The Tokyo-based company, which owns a range of well-known global drinks brands, also provided more details on the operational impact caused by containment measures. Order and shipment operations at group companies in Japan were immediately suspended following detection, as were call center operations, including customer service desks. In the latest update, Asahi revealed that system-based order and shipment processes remain suspended. It is also currently unable to receive email communications from external sources.
The company has begun partial manual order processing and shipment. In addition, it aims to “partially and gradually” resume call center operations, including customer services, across its Asahi Breweries, Asahi Soft Drinks, and Asahi Group Foods, during the week starting October 6.
“While we are unable to provide a clear timeline for recovery currently, our Emergency Response Headquarters is working in collaboration with external cybersecurity experts to restore the system as quickly as possible. The scope of the system disruption is currently limited to Japan,” Asahi noted. On 1 October 2025, the company announced that it had postponed the launch of a new product, scheduled for release in October, due to the cyberattack. A new release date has not been confirmed at this time. The potential impact of the incident on Asahi’s financial results for fiscal year 2025 is currently under review.
This article is shared with permission at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments, or assistance, please contact the office directly at 1-844-492-7225 or feedback@redskyalliance.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://register.gotowebinar.com/register/5207428251321676122
[1] https://www.infosecurity-magazine.com/news/asahi-ransomware-attack-data-stolen/
Comments