On September 29th, Asahi Breweries, known for Asahi Super Dry Beer, and owner of Peroni, Pilsner Urquell, and Grolsch underwent a cyber attack. Resulting in halted beer production, order placement, and shipping operations. This led to shortages of the beer and other Asahi products. There were bigger impacts from the attack, in terms of the company’s cyber security, it highlighted the lack of preparedness from Japanese corporations, particularly in ransomware attacks, where attackers take access to their systems and demand payment for their restoration. It’s unknown whether Asahi were demanded a ransom.
Ransomware group Qilin are claiming responsibility for the attack. The Russian-speaking cyber crime organisation have been active for several years, and most notably have been linked to several cyber attacks on London hospitals, resulting in affected systems, and in 2024 they amassed over €45 million in ransom payments alone.They are known for performing double extortion of victims, with high speed encryption and deletion of backups of targets and exfiltration of data. They are the leading ransomware threat across the world due to a rapidly rising marketplace and their ability to perform highly targeted, high impact ransomware attacks designed to ensure substantial payouts.
In Japan, Qilin took credit for four confirmed attacks this year, excluding Asahi, there were attacks on Shinko Plastics in June, Nissan Creative Box and Osaki Medical in August. Fourteen of the groups confirmed attacks were targeted at manufacturers this year. While the companies are working to restore full operations, the disruptions highlight the vulnerabilities of complex supply chains to cyber attacks.
Although Japan is known for its world class robotics and high tech industries. It’s susceptible to these attacks due to its rapidly aging population and their low digital literacy rates, along with a shortage of cyber security specialists. Japan’s National Police Agency reported 116 ransomware attacks on companies and individuals in the first six months of this year. Recovery costs for these attacks have also risen since last year, along with percentages of companies that suffered more than €75000 in costs increasing over fifty percent.
Nihon Cyber Defence have been quoted saying that, “Japan was slower to the game than the rest of the world. You can buy all of the cybertechnology in the world. But if it’s not implemented and managed properly there’s no point in buying it”. They’ve called the ransomware attack on Asahi, a “wake up call” for Japan with the increasing number of cyber attacks. In May this year, Japan enacted a new “Active Cyber Defence” law, which allows the government to take preemptive action against cyber threats by legally accessing and disabling foreign servers that have been flagged as staging grounds for attacks.
This legislation will transform Japan from a reactive to a proactive Cybersecurity position, granting police and self defence forces the authority to neutralise hostile cyber infrastructure before attacks occur, and is set to be fully operational in 2027.
The law is built around three main pillars, which will take effect in phases.
Pillar 1 – Strengthening Public/Private Collaboration
Expected to be launched by next month, the law establishes a new Cyber Council. Aiming to enhance information sharing and incident response between government agencies and private sector partners. The Council will act as a platform for threat intelligence exchange, response coordination, and strategic planning.
Pillar 2 – Leveraging Information and Data under Communications for Threat Detection
Expected to be operational within two years, the law will provide clear authority for the use of communications related data to identify and analyse cyber threats legally.
Pillar 3 – Remote Access and Neutralisation Measures
Expected to be operational within a year, this will allow government authorities to remotely access and neutralise attacker infrastructure. The actions will be carried out under strict legal and procedural oversight, and only when necessary to prevent serious cyber incidents.
As the law’s provisions are phased in, Japan will be well positioned to strengthen its international cybersecurity partnerships. Asahi Breweries have resumed production from October 2nd, and partial shipments will also resume as part of an ongoing recovery effort. In a recent statement, Asahi apologised, saying,”We would like to sincerely apologise for any difficulties caused by the recent attack”.
