People lined up to check-in at Japan Airlines counters in the departures hall of Tokyoʼs Haneda Airport on December 26, 2024. Japan Airlines reported a cyberattack the same day that caused delays to domestic and international flights, but later said it had identified and resolved the issue. Photo: AFP=JIJI
The system disruption was discovered on September 29.
About 10 days earlier, attackers had breached the group's network and stolen passwords and administrative privileges needed to access the data center.
Early on September 29, ransomware attacks were launched simultaneously from servers, encrypting some data and triggering the disruption.
Factory production was unaffected, but the order and shipment systems used to deliver products to customers were hit.
For roughly two months, the Asahi Group relied on "20th-century-style" phone and fax orders, but key products such as beer continued to fail to reach many retailers and restaurants.
A group calling itself "Qilin" has claimed responsibility for the attack.
President and CEO Katsuki stated, "We have not paid the ransom. Even if we did, full restoration is not guaranteed, and if it became known that we paid, we would be targeted by other attackers as well."
He added that backups remained intact and that the company could restore the systems on its own, but system normalization is not expected until February 2026.
Cyberattacks know no borders
A major Japanese company "going up in flames" due to ransomware symbolizes how defenses against cyberattacks are becoming more difficult each year.
Ransomware, now the dominant form of cyberattack, is a computer virus that infiltrates corporate PCs and servers, encrypts data such as internal documents and customer information, and renders it unusable.
It demands money in exchange for restoring the data, and its name combines "ransom" and "software."
Infection can occur when someone opens an attached file in a phishing email or clicks a link to access a website.
In effect, there are as many entry routes as there are employees' computers.
Advances in generative AI are erasing language barriers, and phishing emails are now written in polished, natural language with little to give them away.
Kenichi Sakurazawa, managing director of the Japan Cybercrime Control Center, warned: "If you have not decided in advance whom to report the damage to and where to seek help, you are finished."
Large companies face the risk of ransomware not only at headquarters but also at overseas branches. We have entered an era in which cyberattacks know no "borders."
Japanese beer giant Asahi Group Holdings, Ltd. President and CEO Atsushi Katsuki (C) speaks during a press conference at a hotel in Tokyo on November 27, 2025. Asahi said on November 27 that it has delayed the release of the full-year financial results due to a major ongoing cyberattack that began in late September. Photo: AFP=JIJI
Southeast Asia, a prime target for cybercriminals
Ransomware, hacktivism (cyberattacks that use hacking techniques for political or social purposes), and AI-driven cyberattacks are rising worldwide.
The Asia-Pacific region is among the areas hit most frequently.
A February 27, 2025, press release by cybersecurity company Check Point Software Technologies Ltd. states that organizations in the Asia-Pacific faced an average of 2,915 attacks per week over the past six months, far exceeding the global average of 1,843 attacks per week.
Southeast Asia, often described as the "growth center of the world," has experienced rapid development of its digital economy.
However, security measures and workforce development have not kept pace.
This has made the region an "attractive" target for cybercrime groups seeking financial gain by targeting government agencies and companies through hacking, ransomware attacks, data theft, and other methods.
Late in March 2024, a prominent Vietnamese securities firm, VNDIRECT, was hit by a ransomware attack and suspended trading services for about a week.
In early April 2024, PVOIL, a leading petroleum products seller, suffered a ransomware-related hacking attack that disrupted its electronic invoice issuance system, website, email, and other services.
In mid-June 2024, Indonesia's national data center was breached, disrupting systems across many government agencies and causing confusion in areas such as airport immigration operations and procedures for providing scholarship benefits.
The attackers used a ransomware called "LockBit 3.0" and demanded a ransom of US$8 million.
It is said to have been among the largest attacks the country has ever experienced.
In late March 2025, Malaysia's Kuala Lumpur International Airport was hit by a ransomware attack, and attackers demanded a ransom of $10 million.
Japanʼs Prime Minister Sanae Takaichi. Photo: Jiji Press
Japan's public-private push for cooperation
Cross-border cybercrime calls for countries to work in close coordination.
Japan and ASEAN have built cooperation on multiple fronts.
In 2018, the two sides established the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) in Bangkok, Thailand, as a hub for developing information security talent.
The center teaches government officials and others how to defend against and analyze cyberattacks, including targeted-attack exercises that simulate responding to sophisticated emails designed to infect users with malware.
In 2024, the ASEAN-Japan Cybersecurity Community Alliance (AJCCA) was launched to promote information sharing and exchange among cybersecurity organizations across the public and private sectors.
Rudi Lumanto, founder of idNSA (Indonesia Network Security Association), was appointed chairman, while Hiroshi Esaki, president of the Japan Network Security Association (JNSA) and a professor at the University of Tokyo, became vice chair.
Esaki emphasized that "in ASEAN—where rapid economic growth and industrial advancement and digitalization are underway—cybersecurity measures for industrial and social infrastructure are essential to the sustainable development and growth of socioeconomic activities."
Trend Micro Inc., a major Japanese cybersecurity company, is working with Interpol to train cybercrime investigators in Southeast Asian countries to analyze how computer viruses and malicious programs work.
Japan's Ministry of Defense and Self-Defense Forces, together with ASEAN defense authorities, have also conducted joint cybersecurity exercises since 2022.
A comprehensive capstone exercise was held in Tokyo in July 2025.
Japan is strengthening Southeast Asia's capacity to respond to cyberattacks through a joint effort that brings together both the public and private sectors.
With more than 15,000 Japanese companies operating across the ASEAN region, stronger cyber defense capabilities also help stabilize their production and supply chains.
Through the fight against rapidly evolving cyberattacks, Japan and ASEAN are deepening their ties.
Max: 1500 characters
There are no comments yet. Be the first to comment.