Several German companies affected by hacker attack

Companies are reluctant to talk about cyber attacks. Now a large wave of attacks has become known, directed against the corporate networks of at least eight German companies.

Several German companies have been spied on by hackers in the past. According to research by Bayerischer Rundfunk (BR) and Norddeutscher Rundfunk (NDR), at least eight German companies were affected by the cyber attack, including six Dax corporations. In addition, around a dozen other companies had been attacked from abroad.

On Wednesday, the industrial concern Siemens confirmed upon request that it had been the target of a hacker attack at the beginning of June 2016. "After detailed analyses, we still have no indication that any data was lost during this attack," said a company spokesman. The plastics manufacturer Covestro said it had also been affected: "There was an attempt to spy on us. But there was no outflow of data."

At the beginning of April, the chemical giant Bayer had confirmed that it had been the victim of a cyber attack. Since the beginning of 2018, there had already been signs that the company network had been attacked with malware from the "Winnti" hacker group.

Counterfeit certificates

IT security experts and German security authorities suspect that the group comes from China. However, there are no reliable findings as to who is behind this. The hacker group is also said to have been behind an attack against Thyssenkrupp in 2016.

The hacker group has been monitored by IT security experts from Kaspersky Lab since 2011. Initially, its activity was directed against game manufacturers and online players with the aim of stealing in-game money. The "Winnti" approach is based, among other things, on the forgery of digital certificates. The hackers succeeded in delivering malware to the victims' computers via regular update channels. The malware consisted of a fake driver with a valid signature. A DLL belonging to the driver contained a back door through which a remote maintenance tool could be started. This gave the hackers access to the victim's computer without the victim noticing. During the investigation, Kaspersky was able to identify more than a hundred variants of the malware spread by "Winnti". These were compiled individually to attack a particular company. Each target company was assigned its own command and control domains.

This shows that the hacker group is highly professional, and its attacks are usually noticed only at a very late stage. After the initial concentration on networks for online games, the hackers' focus has now expanded. Large industrial companies, but also medium-sized businesses, have increasingly become targets in Germany.