A new wave of cyber attacks carried out by a China-linked APT group hit German blue-chip companies BASF, Siemens, Henkel and others.

On Wednesday, German blue-chip companies BASF, Siemens and Henkel, along with a host of others, confirmed they had been targeted by a wave of cyber attacks. German media reported that the cyber attacks were launched by a China-linked cyberespionage group.

According to the German broadcaster ARD, the systems at the companies were infected with the Winnti backdoor.

The experts believe that under the Winnti umbrella there are several APT groups, including Winnti, Gref, PlayfulDragon, APT17, DeputyDog, Axiom, BARIUM, LEAD, PassCV, Wicked Panda, and ShadowPad. The groups show similar tactics, techniques, and procedures (TTPs) and in some cases shared portions of the same hacking infrastructure.

Recently, Chronicle researchers, while investigating the cyber attack that hit the Bayer pharmaceutical company in April, spotted a Linux variant of the Winnti backdoor.

The Winnti group was first spotted by Kaspersky in 2013; according to the researchers, the gang has been active since 2007.

The gang is financially motivated and was mostly involved in cyber espionage campaigns. The hackers were known for targeting companies in the online gaming industry; the majority of the victims are located in Southeast Asia.

According to the Reuters agency, the hackers also targeted other firms, including Roche and airline Lion Air.

“Alongside the German firms named, companies including drug maker Roche, hotels group Marriott, airline Lion Air, conglomerate Sumitomo, and chemicals group Shin-Etsu were also targeted by the hackers, ARD reported.” reported the Reuters agency.

Siemens, Henkel and Roche blamed “Winnti” malware for the infections, while BASF and Covestro only confirmed that they have been victims of cyber attacks.

“All said that no sensitive information was lost, while none of the companies commented on whether the attacks had been launched by Chinese hackers.” continues Reuters.

Other victims of the attacks, including Shin-Etsu, Sumitomo, Lion Air, Marriott and Valve, have yet to comment on the attacks.

In April, Bayer announced that it was the victim of cyber attacks launched by a China-linked APT group. The activity of this specific threat actor against Bayer was first spotted in early 2018 and, according to the experts, the hackers remained inside the company networks until late last month.

There was also a Winnti attack on computer systems at German technology group ThyssenKrupp in 2016, according to media reports at the time.

In 2016, the hackers also hit German heavy industry giant ThyssenKrupp to steal company secrets.

The hackers launched a “massive cyber attack” against the divisions dealing with orders planning of industrial plants, the conglomerate’s Industrial Solutions, and Steel Europe business divisions.

Pierluigi Paganini

(SecurityAffairs – China Linked APT, Winnti)
