German pharmaceutical company Bayer targeted by Winnti hacking group

• The pharmaceutical company has identified, analyzed, and cleaned up the affected systems.
• The drugmaker revealed that it discovered the infectious software on its network in 2018 but decided to monitor and analyze the threat instead of removing it.

What is the issue - German pharmaceutical giant Bayer disclosed that it was targeted by a cyber attack from a Chinese hacking group.

Why it matters - The drugmaker revealed that it discovered the infectious software on its network in 2018 but decided to monitor and analyze the threat instead of removing it.

Worth noting - The malware was removed at the end of March 2019.

The big picture

Bayer confirmed that there’s no evidence of any data theft. However, a spokesperson for Bayer stated that German state prosecutors are investigating the incident and the overall damage is currently being accessed.

• Bayer stated that it is working closely with a private cybersecurity firm DCSO and police in North Rhine-Westphalia state.
• The pharmaceutical company has identified, analyzed, and cleaned up the affected systems.

“The hackers used malware called WINNTI, which makes it possible to access a system remotely and then pursue further exploits from there. Once it has been installed, more or less any action can be carried out,” Andreas Rohr of the DCSO said.

“Bayer detected indications of (hacker group) Winnti infections at the beginning of 2018,” a spokesman told AFP, German public broadcasters BR and NDR reported.

According to German media reports, the Winnti hacking group is believed to be linked to the Chinese state.