--- title: "Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery | DMARC Report" description: "Qilin ransomware halts Asahi beer production, Water Saci malware spreads via WhatsApp in Brazil, and UK police arrest two 17-year-olds tied to a Kido breach." image: "https://dmarcreport.com/og/blog/japan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery.png" canonical: "https://dmarcreport.com/blog/japan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery/" --- Quick Answer The Qilin ransomware-as-a-service group claimed a September 29, 2025 attack on Asahi Group Holdings that halted orders, shipments, and call center operations and contributed to beer supply shortages in Japan. Trend Micro documented Water Saci, a self-propagating malware campaign in Brazil that abuses WhatsApp desktop sessions to push a malicious zip file, primarily hitting government, public sector, financial, and crypto targets. UK Metropolitan Police arrested two 17-year-olds tied to a breach of nursery chain Kido that exposed names, addresses, and photos of more than 8,000 children, with about 20 images briefly posted to the dark web. Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/) Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fjapan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Japan%20Brewery%20Hacked%2C%20Brazil%20Whatsapp%20Malware%2C%20Teens%20Target%20Nursery&url=undefined%2Fblog%2Fjapan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fjapan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fjapan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery%2F&title=Japan%20Brewery%20Hacked%2C%20Brazil%20Whatsapp%20Malware%2C%20Teens%20Target%20Nursery "Share on Reddit") [ ](mailto:?subject=Japan%20Brewery%20Hacked%2C%20Brazil%20Whatsapp%20Malware%2C%20Teens%20Target%20Nursery&body=Check out this article: undefined%2Fblog%2Fjapan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery%2F "Share via Email") ![Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) ![Dmarc record 5521 150x150](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-record-5521-150x150.jpg) > Email authentication isn’t just about preventing spoofing - it’s about trust, says Vasile Diaconu, Operations Lead at DuoCircle. Every email your organization sends either builds trust or erodes it. SPF, DKIM, and DMARC are the foundation of that trust. Without them, receivers have no way to distinguish your legitimate email from an attacker’s. ``` DMARC Report ``` Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery ```

00:00 ``` / ``` 2:13 ``` RSS Feed ``` Share Link Embed ``` /\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-32660” readonly/> ``` ``` As everyone is slowly gearing up for the festive season, it is important to understand that letting your guard down completely can be quite risky. Whether you indulge in online shopping or book that much-awaited vacation, make sure you stay vigilant enough to steer clear of any [cyberattack](https://www.bloomberg.com/news/articles/2025-10-08/bridgestone-braces-for-tougher-second-half-on-us-slowdown-cyberattack). This week, we will start our bulletin with the recent [ransomware attack](https://www.insurancebusinessmag.com/us/news/cyber/ransomware-attack-shuts-down-nevada-insurance-division-website-548454.aspx) on Japan’s Asahi brewery. Next, we will talk about a malware attack on Brazilian WhatsApp users. Lastly, we will wind up the bulletin with the news of two teens who managed to target a nursery chain. Everyone believes that a cyberattack won’t affect them until it does. The recent attacks are actually a staggering reminder of how close these [cybercrooks](https://www.csoonline.com/article/4032743/cybercrooks-faked-microsoft-oauth-apps-for-mfa-phishing.html) can get. So, \*\*awareness and cyber preparedness are the only ways to keep these [threat actors](https://cybersecuritynews.com/iranian-threat-actors-attacking-u-s-critical-infrastructure/) away. Let’s not waste any more time and get started! ![Dmarc analyzer 5600](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-analyzer-5600-1.jpg) ## Japan’s brewery struggles with beer production after being targeted by a ransomware gang! Asahi, a popular Japanese brewery, was targeted by a ransomware gang last week. Because of the cyberattack on September 29, [Asahi Group Holdings](https://jp.linkedin.com/company/asahigroup-holdings) shut down all its operations immediately. It also isolated impacted systems. As a result, suddenly, beer enthusiasts experienced an abrupt shortage in the supply of their favorite beer. The Japanese brewery and food giant had to halt all its orders and shipments, too. It also took a precautionary move and suspended call center activities. The Qilin \*\*ransomware-as-a-service group has claimed responsibility for the attack on Asahi. They have also published a screenshot of some of the internal documents of Asahi. One of the most active ransomware gangs in 2025, Qilin has managed to carry out [105](https://www.comparitech.com/news/ransomware-gang-qilin-says-it-hacked-asahi-group-stole-data/) confirmed and 473 non-confirmed threat attacks. Proper investigation is being carried out as Asahi is giving its **200%** to restore all its operations and bring the manufacturing process back on track. ![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-report-3247.jpg) Experts believe that the manufacturing sector is becoming an increasingly popular target among ransomware gangs. They believe that inadequate investment in [cybersecurity](https://dmarcreport.com/blog/how-to-educate-or-train-employees-on-cybersecurity/) systems is further fueling the problem. In the last 6 years, around [85](https://www.darkreading.com/ics-ot-security/cyberattack-beer-shortage-asahi-recovers)[0](https://www.darkreading.com/ics-ot-security/cyberattack-beer-shortage-asahi-recovers) ransomware groups have targeted manufacturers, leading to an average of\*\* $1.9 million worth of loss on a per-day basis. The attack highlights the \*\*need for stronger cybersecurity and robust [email authentication](https://dmarcreport.com/blog/why-email-security-matters-and-how-to-get-it-right/) with [DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/). ## Brazilian WhatsApp users targeted by self-propagating malware! In Brazil, [cybercriminals](https://therecord.media/brazil-malware-whatsapp-sorvepotel) are targeting businesses through WhatsApp’s desktop sessions. It is an aggressive campaign designed with the sole purpose of gaining access to [sensitive information ](https://www.usatoday.com/story/news/politics/2025/04/21/secretary-defense-pete-hegseth-second-signal-chat/83191815007/)in \*\*cryptocurrency exchanges and financial institutions. ![Dmarc generator](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-generator-6955.jpg) The campaign is known by the name of Water Saci. Basically, it abuses WhatsApp sessions to automatically affect all the contacts and groups in touch with that session. They do so by using a malicious zip file. The campaign involves sending a fake message to WhatsApp users, asking them to download a zip file and open it on their desktop. [Water Saci](https://www.trendmicro.com/en%5Fus/research/25/j/self-propagating-malware-spreads-via-whatsapp.html) so far has targeted mainly **government and public services**. _Other sectors, such as construction, technology, education, and manufacturing, are also facing the brunt of Water Saci_. In order to **stay safe and secure data**, experts have suggested disabling [auto-downloading of documents](https://www.ninjaone.com/blog/automatic-file-downloads-in-windows/) and media. Spreading awareness among employees and educating them about the campaign is also a smart move and can be of great help to avoid any such cyber mishap. ![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-report-8866.jpg) ## Teens arrested as they targeted a nursery chain! A recent cyberattack incident on nurseries across London was giving tough times to the cybersecurity experts and concerned authorities. Now the police have arrested two 17-year-olds. As per the **Metropolitan Police**, the teen duo had been misusing a computer and were also involved in blackmail. They have allegedly stolen highly sensitive data of a popular nursery chain. The data includes names, addresses, and photographs of over [8000](https://www.bbc.com/news/articles/cpvlgzk0xvpo) children. [London police](https://www.wbir.com/article/news/crime/man-dead-after-police-shoot-in-home-wrong-house/51-52359636-a5fa-461c-80d8-d80796a23ac7) have arrested them and will keep them in custody for further questioning. Such cyberincidents are a bleak reminder of the fact that no one is safe, not even your toddler who is going to their nursery classes. Parents and caregivers have been immensely stressed after this [cyber mishap](https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html). ![Dmarc generator](https://media.mailhop.org/dmarcreport/images/2025/10/dmarc-generator-6002.jpg) The most concerning part is that the teen hackers stooped really low and started posting pictures of the kids on the dark web on September 25 onwards. The cybercrooks got in touch with the parents directly and asked them to pressure Kido’s to pay the ransom. The pictures of \*\*20 children were published on the dark web before police nabbed the [cybercrooks](https://www.msn.com/en-in/news/India/cybercrooks-cheat-us-based-techie-in-digital-arrest-threat-con/ar-AA1KEr6r). Just before the arrest, the teens blurred the images of the kids and later removed all the data from the dark web, claiming that all the data had already been deleted. Kido’s, on the other hand, have worked closely with the police and other relevant authorities, offering complete cooperation throughout the **investigation process**. ## Topics [ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ News ](/tags/news/)[ SPF ](/tags/spf/) ![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Take control of your DMARC reports Turn raw XML into actionable dashboards. Start free - no credit card required. [Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/) ## Related Articles [ Foundational 4m Adidas Data Breach, Whatsapp Image Threat, Silent Ransom Vishing May 29, 2025 ](/blog/adidas-data-breach-whatsapp-image-threat-silent-ransom-vishing/)[ Foundational 4m Africa Fights Cybercrime, Attention Farmers Customers, Apple Prevents Threats Aug 28, 2025 ](/blog/africa-fights-cybercrime-attention-farmers-customers-apple-prevents-threats/)[ Foundational 4m AI Scam Alert, Federal Cuts Vulnerability, American Tire Cyberattack Sep 9, 2025 ](/blog/ai-scam-alert-federal-cuts-vulnerability-american-tire-cyberattack/)[ Foundational 4m Akira flaunts victims, Idaho targets orthodontist, AI granny protects Nov 22, 2024 ](/blog/akira-flaunts-victims-idaho-targets-orthodontist-ai-granny-protects/) ```json {"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json [{"@context":"https://schema.org","@type":"BlogPosting","headline":"Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery","description":"Qilin ransomware halts Asahi beer production, Water Saci malware spreads via WhatsApp in Brazil, and UK police arrest two 17-year-olds tied to a Kido breach.","url":"https://dmarcreport.com/blog/japan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery/","datePublished":"2025-10-10T08:17:03.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2025-10-10T08:17:03.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://dmarcreport.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/japan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery/"},"articleSection":"foundational","keywords":"dkim, DMARC, News, SPF","wordCount":1095,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}] ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Japan Brewery Hacked, Brazil Whatsapp Malware, Teens Target Nursery","item":"https://dmarcreport.com/blog/japan-brewery-hacked-brazil-whatsapp-malware-teens-target-nursery/"}]} ```