State-backed Chinese hacking group behind Winnti cyberattack on BASF, Siemens, Henkel, Roche?

cyber attack
Cyber security Pixabay

Pharmaceutics company Roche as well as other big organizations such as BASF, Siemens and Henkel were targeted by cybercriminals and some of them reported that it was a Winnti cyberattack, which is believed to have been conducted by the hackers who are linked to the Chinese government.

The Swiss multinational healthcare company, Roche announced on Wednesday, July 24 that the drug-maker was hit by the Winnti cyberattack. The company said that it has detected and deflected the attack.

As reported, a company spokesperson said,"Roche has been targeted by various attackers in the past, including the group known as Winnti. These attacks were detected and remediated... Roche hasn't lost any sensitive personal data of our employees, patients, customers or business partners."

Roche said that it had worked with US authorities as well as officials from Europe and Switzerland on cybersecurity threats and shared information with other companies. However, experts believe that the Winnti attack was launched by the Chinese.

Earlier this year, the German multinational pharmaceutical company Bayer also reported a cyber-attack which was detected in 2018. The company said that no evidence was found that showed sensitive data had been stolen from the database.

As reported by Reuters, the public broadcaster ARD stated that the hackers used a type of malware called Winnti, which allowed the attackers to get easy access to a victim's computer network. Even the analysis of the malware code showed which companies were attacked by the cybercriminals, who are allegedly working for the Chinese government.

The ARD report further revealed that hotel group Marriott, airline agency Lion Air, conglomerate Sumitomo and chemicals group Shin-Etsu were also targeted by the hackers.

As per the media reports, in 2016, there was a Winnti attack on computer systems at German technology group ThyssenKrupp.

It should be noted that the cybersecurity company Kaspersky Lab started its research in 2011 focusing on several attacks against private companies around the world. Later it revealed that during the research they found that the activity of a hacking group which has Chinese origins and the hackers' group was named "Winnti".

Kaspersky also revealed that as per their understanding, the group has been active for several years and it specializes in cyberattacks, mostly against the online video game industry. In further addition, it revealed that the main objective of that group is to steal source codes for online game projects as well as the digital certificates of legitimate software vendors.