German multinational pharmaceutical and life sciences company Bayer AG has revealed that it detected and contained a digital attack.
As reported by Reuters, Bayer discovered the installation of malicious software on its systems in early 2018. It then quietly monitored and analyzed the malware through the end of March 2019. Ultimately, it removed the threat from its systems.
Bayer has attributed the attack to Winnti. This group first became famous for targeting gaming platforms in order to divert in-game currency and monetize it on the dark web. Eventually, the group began directing its efforts towards digital espionage. This shift in tactics led the threat actor to target ThyssenKrupp, a German multinational conglomerate that specializes in industrial engineering and steel production, back in 2016.
A representative at Bayer said that this latest attack constituted a “significant hacking attempt” but clarified that “there is not evidence of identity theft.”
Gerhard Schindler, the former head of Germany’s BND foreign intelligence service, told radio stations that it’s difficult to determine the location of the attackers responsible for the incident at Bayer. Even so, Kaspersky Lab wrote in a 2013 report that Winnti is likely of Chinese origin.
This isn’t the first time that Bayer has suffered a security incident. Back in 2017, a spokesperson for the company confirmed that the conglomerate had received reports from two medical customers based in the United States indicating that at least some of their devices had suffered infections from WannaCry. The spokesperson confirmed at the time that Bayer’s Technical Assistance Center had worked with the two hospitals to restore normal operations within 24 hours. They also revealed the company’s intention to roll out a patch that would further protect its Windows-based medical devices against infection.
Bayer isn’t the only German organization which Winnti has recently targeted. As reported by Phys.org, three other smaller German companies have also suffered malware infections at the hands of the group this year alone.