German chemicals giant Bayer confirmed Thursday reports it had suffered a hacking attack, but insisted that so far no data appeared to have been stolen.
The Leverkusen-based group “detected indications of (hacker group) Winnti infections at the beginning of 2018,” a spokesman told AFP, confirming reports by German public broadcasters BR and NDR.
“There is no evidence of data outflow,” he added.
Hackers from the so-called Winnti group, believed to be linked to the Chinese state, were first spotted using malicious software to spy on Bayer’s activities in early 2018 and were present in company networks until late last month, the media reports said.
Bayer said that “in close collaboration with” private cyber security organisation DCSO and police in North Rhine-Westphalia state it had “identified, analysed and cleaned up the affected systems.”
The two public broadcasters reported that state police had declined to comment on the investigation for “tactical reasons”.
For its part, Bayer said that Cologne state prosecutors were looking into the case.
Gerhard Schindler, former head of Germany’s BND foreign intelligence service, told BR that while it was extremely difficult to attribute hacking attacks to any state, spying on German firms was “in line with China’s ambitious economic goals”.
Andreas Rohr of the DCSO — set up by German companies as a joint cyber defence centre — said that given the targets so far chosen by Winnti, “we can assume that there is a very targeted tasking by the Chinese state,” although definite proof was impossible.
Winnti attacks have been discovered at three smaller German firms since the beginning of 2019, BR and NDR reported.
And in 2016, the group’s software was discovered in systems at industrial conglomerate Thyssenkrupp.

More from AFP
- Cyberattacks Target Websites of German Airports, Admin
- Meta Slapped With 5.5 Million Euro Fine for EU Data Breach
- International Arrests Over ‘Criminal’ Crypto Exchange
- France Regulator Raps Apple Over App Store Ads
- More Political Storms for TikTok After US Government Ban
- Meta Hit With 390 Million Euro Fine Over EU Data Breaches
- Facebook Agrees to Pay $725 Million to Settle Privacy Suit
- China’s ByteDance Admits Using TikTok Data to Track Journalists
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
