[BreachExchange] German chemicals giant Bayer victim of year long cyber attack

Destry Winant destry at riskbasedsecurity.com
Fri Apr 5 09:24:03 EDT 2019


https://techerati.com/news-hub/bayer-cyber-attack-malware-china/

Bayer says no data leaks have been discovered and that investigations
are still ongoing

German chemicals juggernaut Bayer was subject to a sustained cyber
attack lasting for more than a year, according to reports in German
media.

German radio stations Bayerischer Rundfunk (BR) and Norddeutscher
Rundfunk (NDR) said the Winnti hacking group is responsible for the
attack. They claim Winnti infiltrated Bayer’s network early last year
and deployed malware in an attempt to steal company secrets.

“Signs of infection by Winnti were detected at the start of 2018 and
important analysis was carried out,” they said.

Bayer confirmed that a “significant” cyber attack had occurred as a
result of Winnti infections but said no data leaks had been
discovered.

“Our Cyber Defense Centre detected indications of Winnti infections at
the beginning of 2018 and initiated comprehensive analyses,” Bayer
said in a statement. “There is no evidence of data outflow. Our
experts at the Cyber Defense Centre have identified, analysed and
cleaned up the affected systems, working in close collaboration with
the German Cyber Security Organization (DCSO) and the State Criminal
Police Office of North Rhine-Westphalia. Investigations of the Public
Prosecutor’s Office in Cologne are ongoing.”

The Winnti group has Chinese origins and has been active for several
years, according to a report by cyber security company Kaspersky Lab.

The hacking group specialises in stealing source code and digital
certificates from online video games, it says.

However, the former head of the German foreign intelligence service,
Gerhard Schindler, said it was difficult to establish the hackers’
origins.

Although the malware itself can be traced back to the Chinese group,
it could have been deployed by another group.

Winnti’s malware has been found on the systems of three other small
German firms this year, as well as industrial giant Thyssenkrupp in
2016, according to BR and NDR.

If Winnti is responsible, it’s another example of the growing trend in
industrial cyber crime. Almost one in two industrial systems display
evidence of an attempted cyber attack, according to a report released
by Kaspersky Lab last month.

Last month Norwegian aluminium producer Norsk Hydro was forced to shut
down key business facilities after falling victim to a ransomware
attack.

