Quicksplained: Who is Qilin, the cybercriminal group taking credit for Asahi hack?

A few days ago, news emerged that Japan’s most popular beer company was facing a ransomware attack.

Many of the breweries of Asahi Super Dry, which is part of Asahi Group Holdings, have been left empty since the cyberattack. Much of its distribution networks remain offline.

Well, now a famous ransomware gang has come forward and taken responsibility for the hack. Qilin, a Russian ransomware group, has publicly claimed it stole 27 terabytes of data from the Japanese firm.

But what do we know about Qilin? Who are these cybercriminals?

Let’s take a closer look:

2. Qilin began gaining attention in late 2022. It offers itself to users as a ransomware-as-a-service (RaaS) network. Essentially, it allows associates to use its infrastructure and malware to blackmail organisations – in exchange for a healthy cut of the loot.

3. The group’s malware, which is written in Rust and C, can take aim at Windows, Linux and ESXi systems. It instructs users not to target countries such as Russia and Belarus. In 2025, Qilin has been one of the most active ransomware gangs.

4. It has taken credit for 105 confirmed ransomware attacks. The group has also claimed 473 more attacks – which have not been publicly confirmed. Qilin has claimed credit for four attacks in Japan. This includes Asahi in September, Osaki Medical and Nissan Creative in August, and Shinko Plastics in June. Over a dozen of its confirmed hacks have taken aim at manufacturers and makers of medical equipment.

5. According to data from eCrime.ch, a cybercrime research platform, the group is said to be behind 870 claimed attacks since it came to the forefront in late 2022. This includes the June 2024 hack of British diagnostic services provider Synnovis, which officials said contributed to the death of a London hospital patient.

6. The group on its website put up over two dozen images of what it claims are internal Asahi Group documents. It says it hacked over 9,300 files from Asahi Group. The group claimed the data comprised “, plans and development forecasts of the company”. Firstpost has not verified the authenticity of the documents.

7. Asahi has said that the probe is on. It has also declined to comment on Qilin’s claims, or any details about extortion demands or negotiations. Asahi Group’s beer-making subsidiary, Asahi Breweries, said on Monday it had restarted production at its six Japanese beer plants on October 2. It first said it had been hacked on September 29.

8. Asahi last week said it suffered a “system failure” across its Japan-based operations. On Friday, the company said the hack involved ransomware and admitted that data could have been stolen.

With inputs from agencies