China (Winnti): Bayer announced this week that it has finally eradicated an infection on its corporate networks that was first discovered in January of 2018. So far, Bayer’s IT staff have been unable to pinpoint when or how their systems were initially infected. Based on the tools found on the networks, the intrusion appears to have been the work of the Chinese cyber-espionage group Winnti, which got its start targeting online gaming but later expanded its scope to include industrial espionage. Given Bayer’s work in both pharmaceuticals and GMOs, the company is a very tempting target for the Chinese government. The infected devices were all located at the company’s headquarters in Germany, which is in line with the recent surge of attacks from China against German organizations that German authorities have been seeing.