Contact Contact Us

Pharmaceutical Giant Deflects Attacks Bearing Chinese Hallmarks

German pharmaceutical company, Bayer, has contained a cyber attack that it believes originates from China. Bayer detected the intrusion early last year but covertly monitored and analysed the threat actors' activities before clearing it from infected systems in March 2019. Bayer concluded from its observations that the malware used was the Winnti backdoor, a customised tool bearing the marks of the Winnti group (aka PassCV, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF). Winnti is believed to have linkages with China's intelligence apparatus and typically uses spear phishing to collect credentials before infiltrating targeted network. The group is also known to rely on system administration tools and legitimate penetration testing utilities such as Metasploit and Cobalt Strike to spread and maintain unauthorised access in compromised hosts.

References:
[1] Bayer Contains Cyber Attack It Says Bore Chinese Hallmarks

Ensign InfoSecurity Singapore
30A Kallang Place
#08-01
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883