Journalists of the Bayerischer Rundfunk (BR) have discovered a well-known spyware in the network of the chemical company Bayer. She is called Winnti, as well as the alleged developers behind it.
Bayer confirmed the find to the BR. The group discovered and monitored the malware in its systems at the beginning of 2018, as well as the law enforcement agencies in North Rhine-Westphalia. According to this, "systems at the interface from the intranet to the internet as well as authorization systems" were affected - which indicates that the perpetrators have targeted access data, among other things. However, there is no "evidence for data loss". How long the malware was already placed in the network, Bayer does not know.
The journalists had discovered the Winnti infection with a network scanner called Nmap. They had used the appropriate program to scan a dozen publicly traded companies in Germany for the malicious software. Without the search, the incident would probably not have become public knowledge. The investigation has also revealed that at least three medium-sized companies are also affected. The Federal Office for Information Security (BSI) informed the BR that they were companies in the fields of "chemicals, mechanical and plant engineering and software".
more on the subject
The Winnti group, according to BSI a loose collective with changing members, is associated by experts with the Chinese state or Chinese intelligence services. The IT security company Kaspersky Lab had already determined in 2015 that the Winnti Group had targeted a "well-known global pharmaceutical company headquartered in Europe". The group is also said to have infected the ThyssenKrupp network in 2016.
In recent months, security agencies and companies have repeatedly warned against massive Chinese industrial espionage.