
Bayer hit by cyberattack

April 4, 2019

German chemicals giant Bayer claims it has found malware from a Winnti hacker group in China which attacked the company in early 2018. The attack is part of a rising wave of cyberattacks worrying firms.


A group of hackers known as Wicked Panda accessed Bayer's network in early 2018, the company said in a statement on Thursday. 

The hackers reportedly used Winnti malware, which had also been detected at three other, smaller, companies in Germany this year.

Winnti is a China-based hacker group, of which Wicked Panda is believed to be a member. In Germany they already targeted the computer systems of technology group ThyssenKrupp in 2016.

"This type of attack points towards the Wicked Panda group in China, according to security experts," a company spokesman said, citing evidence gathered by the DCSO cybersecurity group, which was set up by Bayer in 2015 and includes other German companies such as Allianz, BASF and Volkswagen.

Bayer, Germany's largest drugmaker, said it had covertly monitored and analyzed the attack up to the end of this March and then cleared the threat from its systems. "There is no evidence of data theft," the statement goes on.

While public prosecutors in Cologne, Germany have opened an investigation into the incident, the former head of Germany's BND foreign intelligence service, Gerhard Schindler, said on Thursday it was difficult to determine the hackers' location.

Bayer is also the world's largest agricultural supplies company after taking over US chemicals maker Monsanto.

Germany watchful

The news comes in the wake of one of Germany's biggest data breaches, in which the private data of almost 1,000 public figures were leaked in January, including email conversations and private photos. Cybersecurity has become a matter of urgency for German politics after the United States ramped up pressure on its allies to desist from using Chinese firm Huawei's technology in the rollout of 5G internet.

Germany’s Office for Security in Information Technology (BSI) recently issued a warning to several German companies seen as potential targets for Chinese cyber espionage. There are mounting fears in Germany that Chinese hackers could be targeting companies involved in construction and materials research, engineering firms and big commercial enterprises.

According to a BSI report in February, Germany has seen a rising number of incidents hitting critical infrastructure, such as power grids and water suppliers. Among the companies most recently targeted by the Chinese hackers was the Hagen Hohenlimburg specialty steel mill in western Germany.

Technical trade secrets were stolen from the steel production and manufacturing plant design divisions of ThyssenKrupp in the attacks. At the time, the company said it had been targeted by attackers located in Southeast Asia. In 2014, a blast furnace at a steelworks in Germany was also badly damaged by a cyber attack, resulting in "massive damage to machinery" at the unnamed German steel mill.

This followed an attack on Deutsche Telekom routers that caused an outage for nearly 1 million customers.
According to a survey published by Germany's IT sector association Bitkom in 2018, two thirds of German manufacturers have already come under attack from cybercriminals. The association estimates that this costs Europe's largest economy €43 billion ($50 billion) annually.


Bitkom has also found that small and medium-sized companies are particularly vulnerable to attacks. Some 19 percent of those polled said their IT and production systems had been sabotaged digitally, with 11 percent reporting tapping of their communications.
