Bayer confirms cyber attack but says no data stolen

BERLIN — German chemicals giant Bayer confirmed Thursday reports it had suffered a hacking attack, but insisted that so far no data appeared to have been stolen.

The Leverkusen-based group “detected indications of (hacker group) Winnti infections at the beginning of 2018,” a spokesman told AFP, confirming reports by German public broadcasters BR and NDR.

“There is no evidence of data outflow,” he added.

Hackers from the so-called Winnti group, believed to be linked to the Chinese state, were first spotted using malicious software to spy on Bayer’s activities in early 2018 and were present in company networks until late last month, the media reports said.

Bayer said that “in close collaboration with” private cyber security organisation DCSO and police in North Rhine-Westphalia state it had “identified, analyzed and cleaned up the affected systems.”

The two public broadcasters reported that state police had declined to comment on the investigation for “tactical reasons”.

For its part, Bayer said that Cologne state prosecutors were looking into the case.

Gerhard Schindler, former head of Germany’s BND foreign intelligence service, told BR that while it was extremely difficult to attribute hacking attacks to any state, spying on German firms was “in line with China’s ambitious economic goals”.

Andreas Rohr of the DCSO — set up by German companies as a joint cyber defense centre — said that given the targets so far chosen by Winnti, “we can assume that there is a very targeted tasking by the Chinese state,” although definite proof was impossible.

Winnti attacks have been discovered at three smaller German firms since the beginning of 2019, BR and NDR reported.

And in 2016, the group’s software was discovered in systems at industrial conglomerate Thyssenkrupp.