China (Winnti): Bayer announced this week that it has finally eradicated an infection on its corporate networks that was first discovered in January of 2018. So far Bayer's IT staff have been unable to pinpoint when or how their systems were initially infected. Based on the tools found on the networks, the intrusion appears to have been the work of the Chinese cyber-espionage group Winnti, which initially got its start targeting online gaming but later expanded its scope to include industrial espionage. Given Bayer's work in both pharmaceuticals and GMOs, it is a very tempting target for the Chinese government. The infected devices were all located at the company's headquarters in Germany, which is in line with the surge of attacks from China against German organizations that German authorities have reported recently.
While Bayer has said that all indications so far are that no information was stolen, this could change as the investigation continues. Many Chinese groups have perfected the art of exfiltrating data quietly, allowing for a much greater level of success in cyber-espionage operations.