Recurring |
one_organization, multiple_organization |
(a) The software failure incident related to a cyberattack by the hacker group Winnti at Bayer has similarities with a previous incident at ThyssenKrupp in 2016, where Winnti was also implicated in the cyber-attack [83544].
(b) The Winnti cyber-attack that targeted Bayer is not an isolated incident. The same hacker group has been involved in cyber-attacks at other organizations as well. According to reports, the Winnti malware was found in at least three other German companies from the Mittelstand sector, including those in the fields of chemistry, mechanical and plant engineering, and software [83544]. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the cyberattack on Bayer by the hacker group Winnti. The attack was detected by Bayer's Cyber Defense Center in early 2018, leading to extensive analyses and collaboration with experts like the Deutsche Cyber-Sicherheitsorganisation (DCSO) [83544]. This incident highlights a failure in the design phase as the attackers exploited vulnerabilities in Bayer's systems, indicating potential weaknesses introduced during system development or updates.
(b) The software failure incident related to the operation phase is demonstrated by the actions taken by Bayer's Cyber Defense Center in response to the cyberattack. The experts identified, analyzed, and cleaned the affected systems in collaboration with external organizations like the DCSO and the State Criminal Police Office in North Rhine-Westphalia [83544]. This operational failure suggests that the attack was able to penetrate Bayer's network, possibly due to operational lapses or misuse of the system, leading to the need for extensive cleanup and monitoring efforts. |
Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident reported in the article is within_system. The failure was a result of a cyberattack by the hacker group Winnti on Bayer's network. Bayer's Cyber Defense Center identified and analyzed the attack, working closely with experts and law enforcement to clean the affected systems. The incident involved potential communication analysis with the attackers before cleaning the infected systems [83544].
(b) The software failure incident was also influenced by factors outside the system, specifically the actions of the hacker group Winnti, which is believed to be associated with the Chinese group "Wicked Panda." This external threat actor was responsible for the cyberattack on Bayer, indicating that the failure originated from outside the system [83544]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident in this case was due to non-human actions, specifically a cyberattack by the hacker group Winnti, which is believed to be connected to the group "Wicked Panda" from China [83544].
(b) Human actions were involved in the response to the incident, as experts from Bayer's Cyber Defense Center, the Deutsche Cyber-Sicherheitsorganisation (DCSO), and the Landeskriminalamt in Nordrhein-Westfalen worked together to identify, analyze, and clean the affected systems. Additionally, the decision to initially not clean the infected systems to analyze potential communication from the attackers was a human action taken by Bayer's Cyber Defense Center [83544]. |
Dimension (Hardware/Software) |
hardware |
(a) The software failure incident reported in Article 83544 is related to a cyberattack on Bayer by the hacker group Winnti. The incident was detected by Bayer's Cyber Defense Center in early 2018. The attack was attributed to the group "Wicked Panda" from China, which is linked to Winnti. The hackers gained access to Bayer's network, and the Cyber Defense Center identified, analyzed, and cleaned the affected systems in collaboration with experts and law enforcement agencies. The incident involved a cyberattack originating from external sources (hardware-related) [83544].
(b) The software failure incident in Article 83544 was caused by a cyberattack, indicating a failure originating in software systems. The hackers targeted Bayer's systems, leading to the need for analysis, identification, and cleaning of the affected software systems by Bayer's Cyber Defense Center. The incident highlights the vulnerability of software systems to cyber threats and the importance of cybersecurity measures to protect against such attacks [83544]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in Article 83544 was malicious in nature. Bayer was a victim of a cyberattack by the hacker group Winnti, with indications pointing to the involvement of the group "Wicked Panda" from China. The attack was detected by Bayer's Cyber Defense Center in early 2018, and extensive analyses were initiated. The incident involved unauthorized access to Bayer's network by hackers, with the objective likely being to obtain sensitive information or disrupt operations. The seriousness of the attack is highlighted by the involvement of authorities like the Deutsche Cyber-Sicherheitsorganisation (DCSO) and the State Prosecutor's Office in Cologne in the investigation [83544]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) The intent of the software failure incident related to poor_decisions:
- The software failure incident at Bayer was a result of a cyberattack by the hacker group Winnti, which is believed to be connected to the Chinese group "Wicked Panda" [83544].
- The attack was detected by Bayer's Cyber Defense Center in early 2018, and extensive analyses were initiated [83544].
- The hackers were under observation by Bayer's Cyber Defense Center until the end of March, during which the infected systems were intentionally not cleaned to analyze potential communication from the attackers [83544].
(b) The intent of the software failure incident related to accidental_decisions:
- There is no specific mention in the article indicating that the software failure incident at Bayer was due to accidental decisions. |
Capability (Incompetence/Accidental) |
development_incompetence, unknown |
(a) The software failure incident related to development incompetence is evident in the article as Bayer fell victim to a cyberattack by the hacker group Winnti. The Cyber Defense Center of Bayer detected the attack in early 2018 and initiated extensive analyses. Despite the attack, there was no evidence of data leakage. The incident showcases the need for robust cybersecurity measures and expertise to prevent and mitigate such attacks [83544].
(b) The accidental aspect of the software failure incident is not explicitly mentioned in the provided article. |
Duration |
temporary |
(a) The software failure incident in the article is more temporary in nature. The cyberattack on Bayer by the hacker group Winnti was detected by Bayer's Cyber Defense Center in early 2018. Extensive analyses were initiated, and the affected systems were identified, analyzed, and cleaned by the experts. The hackers were under observation until the end of March of the same year, and the infected systems were deliberately not cleaned initially to analyze potential communication from the attackers. All systems were eventually cleaned by the end of March, and the hackers had not been active until then [83544]. |
Behaviour |
omission, other |
(a) The software failure incident described in the article is related to a cyberattack on Bayer by the hacker group Winnti. The incident led to Bayer's Cyber Defense Center identifying and analyzing the affected systems, eventually cleaning them up to mitigate the attack. The systems were intentionally not cleaned immediately to observe potential communication from the attackers [83544].
(b) The software failure incident involved the system omitting to perform its intended functions as it was compromised by the cyberattack. The hackers gained access to Bayer's network, and the Cyber Defense Center had to work on identifying, analyzing, and cleaning the affected systems to address the omission of proper system functioning [83544].
(c) The timing of the software failure incident is notable as the hackers had access to Bayer's network, but the Cyber Defense Center kept them under observation until the end of March before cleaning the infected systems. This delayed response was intentional to monitor potential communication from the attackers [83544].
(d) The software failure incident did not involve the system performing its intended functions incorrectly. Instead, the failure was due to a cyberattack compromising Bayer's network, leading to the need for extensive analysis and cleanup by the Cyber Defense Center [83544].
(e) The software failure incident did not exhibit Byzantine behavior, in which the system behaves erroneously with inconsistent responses and interactions. The incident was primarily characterized by the cyberattack and the subsequent actions taken by Bayer's Cyber Defense Center to address the breach [83544].
(f) The other behavior exhibited in this software failure incident is the intentional decision by Bayer's Cyber Defense Center to not immediately clean the infected systems to observe potential communication from the attackers. This strategic approach was part of the response to the cyberattack on Bayer's network [83544]. |