THREAT ACTOR: Winnti

Winnti is a group of professional hackers believed to be controlled by China. Since at least 2011, the group has used malware to spy on corporate networks. Its mode of operation is to collect information on companies' organizational charts, on cooperating departments, on the IT systems of individual business units, and on trade secrets. Targets are primarily German-based companies (Siemens, Bayer, Roche, BASF, Covestro).

 

Incidents Associated with this Threat

  • June 19, 2020: Winnti attack on Covestro
  • June 1, 2020: Winnti attack on Marriott
  • June 1, 2019: Winnti malware infection
  • January 1, 2018: Winnti attack on BASF
  • January 1, 2018: Winnti attack on Siemens
  • January 1, 2018: Winnti attack on Henkel
  • January 1, 2018: Winnti attack on Roche
  • January 1, 2018: Winnti attack on Shin-Etsu
  • January 1, 2018: Winnti attack on Sumitomo
  • January 1, 2018: Winnti attack on Lion Air
  • January 1, 2018: Winnti attack on Valve

Malware Used by this Threat Actor
