Hacker attacks on German industry – was it Winnti?

Threat Alert

According to media reports, hacker attacks on German companies, including at least six DAX-listed corporations, have occurred on a larger scale in recent years. The hacker group “Winnti” frequently appears in the press. But who is it?

According to media reports, hacker attacks on German companies, including at least six DAX-listed corporations, have occurred on a larger scale in recent years. Research by Norddeutscher Rundfunk (NDR) and Bayerischer Rundfunk (BR) concluded that the Chinese hacker group “Winnti” and its malware of the same name were behind the attacks.

Among the affected companies were also well-known DAX corporations such as Bayer, Thyssen Krupp, BASF and Siemens. At present, nothing is known about data leaks, or the companies are keeping a low profile. According to an analysis by BR and NDR, in which IT security experts were also consulted, the motives are industrial and political espionage. The nature of the attacks, the targets and the way the malware is programmed suggest that the originator is the hacker group “Winnti”.

How does “Winnti” work?

The German Federal Office for Information Security (BSI) already mentioned the Winnti hacker group in its 2017 IT security status report: since the summer of 2016, an increasing number of cyber espionage attacks against commercial enterprises in Germany has been observed. It is assumed, especially in media reports, that Asian hacker groups are involved. By redirecting traffic to the perpetrators’ control servers, secret industrial and economic data, as well as political secrets, are spied upon.

To manipulate the systems and introduce malware undetected, the cybercriminals send e-mails with infected attachments or links. This opens a back door for the hackers into their victim’s IT, and information can be tapped unnoticed. Such attacks can only be averted by a combination of human and technical prevention. It is up to companies to take the necessary technical and organizational measures to protect themselves against cybercriminals.