For years, companies around the world were exposed to attacks by a suspected Chinese hacker group. According to news reports, the group also had political goals. The chemical and pharmaceutical industries are affected, and presumably also telecommunications providers and an airline. The hackers also prepared attacks on a hotel chain.
The hackers work with a division of labor and in a coordinated manner, as the campaign information in the malicious code also indicates. A researcher at the anti-virus provider Kaspersky was able to identify the nickname of a suspected Winnti hacker from his activities on internet forums.
Covestro And Siemens Confirmed That They Were Under Attack
Both companies said the hackers could be removed from the networks. There is no evidence that sensitive data has been tapped. They responded to a request only with the blanket statement that IT security has to be taken seriously.
Examined Parts Of The Malicious Code
The American software manufacturer Valve, which is known for the gaming platform Steam, is apparently among the other companies allegedly affected by Winnti. Traces in the malicious code suggest this. Two Japanese industrial groups, Shin-Etsu and Sumitomo, were apparently attacked by the group. The companies did not respond to requests.
IT security experts speak of a campaign against a company or against an entire industry. This campaign information was deciphered with the help of researchers from the Ruhr University in Bochum. The analysis does not reveal the extent to which data from the affected companies was copied in the attacks.
Hackers Also Attacked Political Targets
Most recently, the Winnti hackers probably started to expand their remit to include political espionage. Experts found out that the Hong Kong government’s IT systems were infected with the malware. A government spokesman confirmed the incident on request. Anti-virus manufacturers and security experts have been observing the Winnti group for several years. Several people whom reporters have spoken to assume that the hackers are working out of China. Several Dax groups founded the Cyber Security Organization 4 years ago to exchange ideas in the fight against hackers.