Winnti Cyber Attack Compromised Bayer Pharmaceutical Network

In April, Bayer AG, one of the largest pharmaceutical and life sciences companies in the world, confirmed the company’s network had been compromised. The cybercriminals used the Winnti malware and are likely the Winnti Group.

A company spokesman said Bayer was aware that there had been indications of a potential Winnti infection at the beginning of 2018. The company also stated that there was "no evidence of data outflow," and that, working with DCSO, a cybersecurity company, and local police, Bayer had found and cleaned the affected systems.

The Winnti Group, the suspected culprit in this attack, is an allegedly China-based cybercriminal organization that derives its name from one of the malware families it often uses in its attacks - namely, the Winnti family of malware. The Winnti Group has supposedly been in operation since 2009, and some allege it may have some link to the state.

Depending on which researchers analyze the group's attacks, it may go by many different names. The list is long and includes APT41, Wicked Panda, Barium, Suckfly, Blackfly, ShadowPad, ShadowHammer, etc. At this point, there is no conclusive evidence that it is a single group. If it is, the operations of these cybercriminals have been going on for a decade, and the damage caused would be very hard to calculate.

Where has Winnti hit its targets?

Geographically, the targets of the Winnti Group have been located on three continents, in countries including Germany, the USA, the Russian Federation, Turkey, Sweden, and more. These criminals have targeted companies in many fields, but mainly the technology, engineering, and manufacturing sectors. The tools and techniques the Winnti Group has been known to use are also varied and have evolved over the years as the group targeted a multitude of countries around the globe.

There have been previous attacks on companies based in Germany. Most notably, in 2016 the Winnti malware was found in some of the systems of Thyssenkrupp, a large industrial engineering and steel production conglomerate.