Qilin, a ransomware group with a track record of intrusions against major entities around the world, claimed responsibility on Tuesday for a hack on Japan’s Asahi Group, which disrupted production at the beer and beverage giant.

Asahi Group’s beer-making subsidiary, Asahi Breweries, said on Monday that it had restarted production at its six Japanese beer plants on Oct. 2. It first said it had been hacked on Sept. 29.

Qilin posted 29 images to its website on Tuesday of what the group claims to be internal Asahi Group documents. The group claims to have stolen more than 9,300 files, or roughly 27 gigabytes of data, according to the entry on its website.

The authenticity of the documents could not immediately be verified.

Asahi's European subsidiary referred questions to Asahi Group, which did not respond to an emailed comment outside of office hours. Qilin did not respond to a request for comment.

Qilin operates a ransomware-as-a-service platform that allows malicious users to carry out hacks in exchange for a percentage of extortion proceeds. It first emerged in 2022 and boasts nearly 870 attacks, according to data compiled by eCrime.ch, a cybercrime research platform. The group was behind the June 2024 hack of British diagnostic services provider Synnovis, which officials said in June 2025 contributed to the death of a London hospital patient.

The group "is one of the most aggressive ransomware operations currently in circulation," said April Lenhard, the principal product manager at cybersecurity company Qualys, who described the group as "disruptive, highly active, and willing to create real-world chaos."