German drug conglomerate Bayer says it was victimized in a cyberattack that appears to have originated with Chinese hackers, German media reported Thursday.
The $39 billion pharmaceutical giant said it found malicious software on its computer networks last year and contained the breach, according to the outlets BR and NDR.
Investigators examining the breach said attackers used the Winnti malware, which is tied to a Chinese-based hacking group known as Wicked Panda. The group in the past has been blamed for attacks on targets including the online gambling industry and companies with intellectual property that would benefit Beijing.
Wicked Panda “makes use of a number of open-source and custom tools to infect and move laterally in victim networks,” according to a CrowdStrike description. “The group’s tools have been traced to “contractors who count multiple Chinese government agencies as clients, including the Ministry of Public Security. Observed targeting by the Wicked Panda adversary has focused on high-value entities in the engineering, manufacturing and technology sectors, aligning with the PRC’s strategic economic plans.”
When the initial breach occurred was not immediately clear. An investigation is still underway though an initial probe found “no evidence of data theft” at Bayer or personal information being stolen from third parties, the company said.
Bayer is the largest drug company in Germany and the largest agricultural supplies company in the world.
Hackers have increased their attacks against high-value Germany targets in recent years. The Winnti malware was used against the technology company ThyssenKrupp in 2016, a breach that resulted in the theft of technical trade secrets from that firms; steel production and manufacturing plant design divisions, Reuters reported.