Written by James Orme Thu 4 Apr 2019

Bayer says no data leaks have been discovered and that investigations are still ongoing

German chemicals juggernaut Bayer was subject to a sustained cyber attack lasting for more than a year, according to reports in German media.

German radio stations Bayerischer Rundfunk (BR) and Norddeutscher Rundfunk (NDR) said the Winnti hacking group is responsible for the attack. They claim Winnti infiltrated Bayer’s network early last year and deployed malware in an attempt to steal company secrets.

“Signs of infection by Winnti were detected at the start of 2018 and important analysis was carried out,” they said.

Bayer confirmed that a “significant” cyber attack had occurred as a result of Winnti infections but said no data leaks had been discovered.

“Our Cyber Defense Centre detected indications of Winnti infections at the beginning of 2018 and initiated comprehensive analyses,” Bayer said in a statement. “There is no evidence of data outflow. Our experts at the Cyber Defense Centre have identified, analysed and cleaned up the affected systems, working in close collaboration with the German Cyber Security Organization (DCSO) and the State Criminal Police Office of North Rhine-Westphalia. Investigations of the Public Prosecutor’s Office in Cologne are ongoing.”

The Winnti group has Chinese origins and has been active for several years, according to a report by cyber security company Kaspersky Lab.

The hacking group specialises in stealing source code and digital certificates from online video games, it says.

However the former head of the German foreign intelligence service, Gerhard Schlinder, said it was difficult to establish the hackers’ origins.

Although the malware itself can be traced back to the Chinese group, it could have been deployed by another group.

Winnti’s malware has been found on the systems of three other small German firms this year, as well as industrial giant Thyssenkrupp in 2016, according to BR and NDR.

If Winnti is responsible, it’s another example of the growing trend in industrial cyber crime. Almost one in two industrial systems display evidence of an attempted cyber attack, according to a report released by Kaspersky Lab last month.

Last month Norwegian aluminium producer Norsk Hydro was forced to shut down key business facilities after falling victim to a ransomware attack.