THREAT ACTOR: Winnti

Group of professional hackers believed to be controlled by China. Since at least 2011, these hackers have been using malware to spy on corporate networks. Their mode of operation is to collect information on the organizational charts of companies, on cooperating departments, on the IT systems of individual business units, and on trade secrets. Targets are primarily German-based companies (Siemens, Bayer, Roche, BASF, Covestro).

 

Incidents Associated with this Threat

  • May 4, 2021: Hackers Attack Taiwan’s Major Oil Refiner Affecting Customers at the Pump
  • June 19, 2020: Winnti attack on Covestro
  • June 1, 2020: Winnti attack on Marriott
  • June 1, 2019: Winnti malware infection
  • January 1, 2018: Winnti attack on BASF
  • January 1, 2018: Winnti attack on Siemens
  • January 1, 2018: Winnti attack on Henkel
  • January 1, 2018: Winnti attack on Roche
  • January 1, 2018: Winnti attack on Shin-Etsu
  • January 1, 2018: Winnti attack on Sumitomo
  • January 1, 2018: Winnti attack on Lion Air
  • January 1, 2018: Winnti attack on Valve

Malware Used by this Threat Actor
