Exclusive: Qilin ransomware affiliate claims Asahi hack, Aussie data compromised

Australian employee data caught up in what the hacking group calls “a global information leak”, totalling an alleged 27 gigabytes of data.


Over a week after Japanese brewing giant Asahi was forced to suspend some of its operations in Japan in the wake of a disruptive cyber attack, an affiliate of the Qilin ransomware-as-a-service operation has claimed responsibility for the attack.

The hacker claims to have exfiltrated 27 gigabytes of data totalling 9,323 files and has also published 29 sample documents, which include financial statements, company invoices, photo ID of employees, and – in one case – the details of an Australian employee of Melbourne-based Asahi Lifestyle Beverages seconded to another Asahi office overseas.

For its part, Qilin claims to have “financial documents, budgets and contracts, as well as personal data of employees, plans and development forecasts of the company”, though it does specify that some of the data it allegedly has is already in the public domain.

 
 

The data leaked so far appears to be both historical and recent, with some documents dating back as far as 2018, while others are dated more recently. The documents appear to be legitimate, and Asahi currently employs the employees listed by the hackers.

Qilin has not listed a ransom demand nor a deadline for payment.

When Asahi first disclosed the incident and the disruption it had caused, the company said that no personal or customer data was impacted by the attack, though the most recent update – dated 3 October – does not include that note. The company now says it was a ransomware attack.

“Subsequent investigations have confirmed traces suggesting a potential unauthorised transfer of data. We are conducting investigation to determine the nature and scope of the information that may have been subject to unauthorised transfer,” Asahi said in its current update.

“As a result of the containment measures, operations across our domestic group companies – including order placement and product shipment – have been affected. Additionally, we are currently unable to receive email communications from external sources.”

Asahi is currently in the process of restoring operations “gradually in accordance with shipments”. All of Asahi’s food plants are now back up and running, albeit at a reduced capacity.

Cyber Daily has reached out to Asahi’s Melbourne office for comment, as well as its Japanese headquarters.

Takanori Nishiyama, SVP, APAC and Japan country manager at Keeper Security, told Cyber Daily that the Qilin attack is a sign of the “growing exposure of Japan’s manufacturing and industrial sectors to sophisticated cyber threats”.

“As production environments and supply chains become increasingly digitised, cyber criminals are exploiting legacy systems, unmonitored endpoints and privileged accounts to disrupt operations and extort payments,” Nishiyama said.

“Incidents like this highlight a consistent challenge across Asia-Pacific manufacturing: ransomware can halt production lines, delay shipments and affect global supply continuity. Compromised credentials and the misuse of privileged accounts continue to be among the most common entry points for such attacks, making identity and access management a critical component of any defence strategy.

“The Asahi incident is a clear reminder that operational resilience now depends on cyber security resilience, and that both must evolve together as Japan’s industrial sector continues its digital transformation.”

The Qilin ransomware-as-a-service operation was first observed in August 2022 and has claimed 823 victims since, making it one of the most active ransomware groups today. Qilin hires out its ransomware to affiliates in return for a cut of any ransom payment.

Qilin’s most recent Australian victim was the Wyong Rugby League Club, which was listed by the group on 17 August.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
