Pharma giant Bayer targeted by China-linked APT called 'Wicked Panda'

Trojan horse linked to Chinese government-linked group used to gain access to Bayer's network

German pharmaceuticals giant Bayer claims to have fended off a nation-state cyber attack from a group linked with China.

In a statement today, the company claimed that its in-house security team picked-up evidence of an attack early in 2018, identifying Trojan horse malware called Winnti. It claims that it covertly monitored the threat as it developed until the end of March, before moving in and clearing up.

"There is no evidence of data theft," the company claimed in the statement. An official investigation has been launched. The company claimed that the attack bore the hallmarks of the Wicked Panda advanced persistent threat (APT) group, which has been linked with Chinese intelligence.

According to a report by security firm ProtectWise, a number of Chinese state-linked groups use the Winnti Trojan as part of their attack toolsets, and all are linked with Chinese intelligence services. "The Chinese intelligence apparatus has been reported on under many names, including Winnti, PassCV, APT17, Axiom, LEAD, BARIUM, Wicked Panda, and GREF," warned the report.

The group that attacked Bayer is believed to be the same one that attacked steel and engineering company Dax Group ThyssenKrupp in 2016, according to German newspaper reports, indicating an industrial espionage motive.

The attack on Bayer comes just weeks after industrial group Norsk Hydro admitted that a number of its systems had been compromised in a ransomware attack. Norsk's losses are estimated at $40 million.

The IT Leaders' Summit is back - coming to London on 23 April.

This year, it will focus on 'Driving the Digital Roadmap for the Enterprise'. Speakers include Shivvy Jervis, The Trainline's Mark Holt, NatWest's Tom Castle McCann's Matt Groshong and a special keynote from a high-profile tech leader and visionary. For more details - and to reserve your place - check out the dedicated website. Places are FREE to qualifying CIOs, IT leaders and senior IT pros, but are going fast!