Bayer cyber attack: Chinese hackers Wicked Panda used Winnti malware

by Linas Kiguolis

Pharmaceutical giant Bayer experiences a cyber attack launched by a cybercriminal group Wicked Panda

Winnti hackers responsible for launching a cyber attack on Bayer

Bayer, a German pharmaceutical company, experienced a cyber attack launched by the Chinese cybercrime group Wicked Panda.[1] As reported by Reuters, the drug manufacturer announced the incident on Thursday, although the attempt to compromise the company's systems was launched much earlier, at the start of 2018.

The malware, dubbed Winnti (detected as Backdoor.Win32(Win64).Winnti by Kaspersky), is a relatively old threat that first appeared back in 2011. It allows remote code execution, which can compromise a company's entire network. The threat is known for attacks on companies such as ESTsoft Corp, Rosso Index KK and MGAME Corp.[2] Most of these are located in East Asian countries, so the attempt on Bayer is unusual and, most likely, a high-profile operation.

While the attack was identified a long time ago, Bayer did not rush to shut it down immediately. The organization says it monitored the malicious software in order to analyze its activity and goal, along with the culprit behind the attack. The malware was finally removed in March this year and is no longer active on the drug maker's servers.

Winnti malware has been used not only against Bayer but also in past attacks on online gaming projects

The hacking attempt was carried out by the Chinese professional group Wicked Panda. The group is responsible for multiple other cyber attacks in the past and is capable of carrying out “multiple international attacks in parallel,” as explained by a security expert from DCSO, the group that investigated the incident.

The same malware has been used before. Three years ago, an attempt was made at the German technology company ThyssenKrupp[3] to steal important data and valuable intellectual property from the organization.[4] Tech experts say that Winnti malware is used in hacking attempts aimed at financial gain. According to Kaspersky Lab experts,[2] Winnti is used to carry out cyber attacks on online gaming projects:

According to our estimates, the Winnti group has been active for several years and specializes in cyber-attacks against the online video game industry. The main objective of the group is to steal source code of online game projects as well as digital certificates of legitimate software vendors.

Further information about the Winnti malware states that, after the theft of the aforementioned certificates, they were misused to distribute other malware and to launch cyber attacks on political parties in Tibet and South Korea.

Bayer claims that a check-up found no signs of data theft

The damage that Winnti might have done to Bayer's servers, and the resulting financial losses, are still under investigation. Additionally, the drug company has stated that there are no signs of sensitive data being stolen or exposed.[5] However, when asked for further details on the cyber attack, Bayer did not provide any other particular information.

Cybersecurity specialists believe that the Wicked Panda hacker group has been launching similar attacks from 2009 to 2018. Such phishing-based attacks are among the most popular attack strategies and are often carried out with custom-built malicious software, components such as Cobalt Strike, and other similar tools.

About the author

Linas Kiguolis is one of the News Editors and also the Social Media Manager of the 2spyware project. He is an Applied Computer Science professional whose expertise in cyber security is a valuable addition to the team.