Incident: Cyber Attack on Bayer's Computer Networks by Chinese Group

Published Date: 2019-04-04

Postmortem Analysis
Timeline
1. The software failure incident at Bayer happened early last year [84312].
2. Published on 2019-04-04.
3. The software failure incident at Bayer occurred in early 2018.
System
The system that failed in the software failure incident reported in Article 84312 was:
1. Bayer's computer networks, compromised by the WINNTI malware [84312].
Responsible Organization
1. According to security experts, the cyber attack on Bayer was believed to be the work of the 'Wicked Panda' group in China [84312].
Impacted Organization
1. Bayer (German drugmaker) [84312].
Software Causes
1. The software cause of the failure incident was a cyber attack using malware called WINNTI, which gave the attackers remote access to Bayer's computer systems and the potential for further exploits [84312].
Non-software Causes
1. The cyber attack on Bayer was believed to have been hatched in China, indicating a geopolitical aspect to the incident [84312].
2. The hackers used malware called WINNTI to access Bayer's systems remotely, highlighting the vulnerability of the company's network security [84312].
3. The attack was part of a targeted, sustained espionage campaign, indicating a deliberate and sophisticated motive behind the intrusion [84312].
4. The methods used in the attack bore the hallmarks of Chinese hackers, suggesting possible state-sponsored or organized cybercrime involvement [84312].
Impacts
1. The software failure incident at Bayer, believed to be a cyber attack from China, led to the discovery of infectious software on the company's computer networks; Bayer monitored and analysed it covertly until it was cleared from the systems [84312].
2. No evidence of data theft was reported, but the overall damage was still being assessed, and German state prosecutors had launched an investigation into the incident [84312].
3. Third-party personal data was not compromised during the cyber attack on Bayer's systems [84312].
4. The hackers used malware called WINNTI, which allowed them to access the system remotely and potentially carry out various actions once installed [84312].
5. The discovery of WINNTI provided evidence of complex and sophisticated malware used in targeted and sustained espionage campaigns, indicating the seriousness of the cyber attack on Bayer [84312].
Preventions
1. Implementing robust cybersecurity measures such as firewalls, intrusion detection systems, and regular security audits could have prevented the software failure incident [84312].
2. Conducting regular employee training on cybersecurity best practices, to prevent phishing attacks and unauthorized access to the network, could have helped prevent the incident [84312].
3. Using advanced threat intelligence tools to detect and mitigate potential threats early could have prevented the cyber attack on Bayer's systems [84312].
Fixes
1. Enhancing cybersecurity measures to prevent future cyber attacks like the one experienced by Bayer [84312].
References
1. Bayer AG statement
2. DCSO (cyber security group)
3. Andreas Rohr (DCSO representative)
4. German broadcasters BR and NDR
5. German state prosecutors
6. Media reports at the time
7. German cybersecurity agency
8. Reuters journalists [84312]

Software Taxonomy of Faults

Category: Recurring
Option: one_organization, multiple_organization
Rationale:
(a) one_organization: The article mentions an earlier WINNTI attack on computer systems at the German technology group ThyssenKrupp in 2016, indicating that a similar incident had happened before within a single organization [84312].
(b) multiple_organization: The article states that the DCSO expert knew of at least five WINNTI attacks in Germany, suggesting that similar incidents have occurred at multiple organizations in Germany [84312].

Category: Phase (Design/Operation)
Option: design, operation
Rationale:
(a) design: The software failure incident at Bayer was a cyber attack believed to have originated in China. The attack used malware called WINNTI, which allowed the hackers to access Bayer's systems remotely and carry out various actions. The malware was discovered on Bayer's computer networks and was covertly monitored and analysed before being cleared from the systems [84312].
(b) operation: The operation phase of Bayer's software systems was impacted by the cyber attack using the WINNTI malware. The attack highlighted the risk of data theft and disruption faced by big businesses like Bayer. The malware gave the hackers remote access to the system and the means for further exploits, indicating a failure of Bayer's operational cybersecurity measures to prevent such attacks [84312].

Category: Boundary (Internal/External)
Option: within_system, outside_system
Rationale:
(a) within_system: The software failure incident at Bayer, involving a cyber attack believed to be from China, is described as a failure originating from within the system. The malware used in the attack, WINNTI, was found on Bayer's computer networks, indicating that the contributing factors to the failure were internal to Bayer's systems [84312].

Category: Nature (Human/Non-human)
Option: non-human_actions
Rationale:
(a) non-human_actions: The software failure incident reported in the article was attributed to non-human actions, specifically a cyber attack believed to have been hatched in China. The attack used malware called WINNTI, which allowed remote access to Bayer's systems and potential further exploits. The malware was described as complex and sophisticated, indicating a targeted and sustained espionage campaign [84312].
(b) human_actions: The article does not provide information about the software failure incident being caused by human actions.

Category: Dimension (Hardware/Software)
Option: hardware, software
Rationale:
(a) hardware: The software failure incident reported in the article is attributed to a cyber attack originating in China, in which the hackers used malware called WINNTI to access Bayer's computer networks [84312]. The incident is related to hardware in that it involved the infiltration and compromise of Bayer's computer systems, which are physical hardware components.
(b) software: The incident is also related to software, as the hackers used sophisticated malware (WINNTI) to remotely access Bayer's systems and carry out various actions once installed [84312]. This highlights the vulnerability of software systems to cyber attacks and the importance of software security measures in preventing such incidents.

Category: Objective (Malicious/Non-malicious)
Option: malicious
Rationale:
(a) malicious: The software failure incident reported in the article is malicious in nature. It was a cyber attack believed to have been hatched in China, targeting the German drugmaker Bayer. The attack used malware called WINNTI, which allowed the hackers to access Bayer's systems remotely and carry out various actions. It was described as a targeted, sustained espionage campaign carried out by a sophisticated group of hackers able to conduct multiple international attacks in parallel. The methods used bore the hallmarks of Chinese hackers who engage in targeted attacks and campaigns on the internet for various purposes, including espionage and intellectual property theft [84312].

Category: Intent (Poor/Accidental Decisions)
Option: poor_decisions
Rationale:
(a) poor_decisions: The software failure incident reported in the article was a cyber attack on the German drugmaker Bayer, believed to have been orchestrated by a group in China. The attack used malware called WINNTI, which allowed remote access to Bayer's systems and potential further exploits. The incident highlighted the risk of data theft and disruption faced by big businesses like Bayer. The attack was described as a targeted, sustained espionage campaign, indicating a deliberate and calculated effort by the hackers. This points to poor decisions by the attackers in choosing to engage in cyber espionage against Bayer's systems [84312].
(b) accidental_decisions: The incident was not attributed to accidental decisions or unintended mistakes. Instead, it was characterized as a deliberate and sophisticated attack carried out by a group of hackers able to conduct multiple international attacks in parallel. The malware used, WINNTI, was described as complex and capable of various actions once installed on a system. The methods used were said to bear the hallmarks of Chinese hackers who engage in targeted attacks and campaigns for financial gain, espionage, or theft of intellectual property. This indicates a deliberate and intentional effort by the hackers rather than accidental decisions or unintended mistakes [84312].

Category: Capability (Incompetence/Accidental)
Option: unknown
Rationale:
(a) development_incompetence: The software failure incident reported in the article is a cyber attack on the German drugmaker Bayer, believed to have been hatched in China. The attack used malware called WINNTI, which allowed the hackers to access Bayer's systems remotely and carry out various actions. The incident highlights the risk of data theft and disruption faced by big businesses like Bayer due to cyber attacks [84312].
(b) accidental: The software failure incident was not accidental but a targeted cyber attack orchestrated by a group of hackers believed to be from China. The malware used, WINNTI, is described as complex and sophisticated, indicating a deliberate and planned effort to compromise Bayer's systems for espionage purposes. The attack was a deliberate act by a group of hackers able to carry out multiple international attacks in parallel [84312].

Category: Duration
Option: temporary
Rationale: The software failure incident at Bayer caused by the cyber attack was temporary. The incident started early last year, was covertly monitored and analysed until the end of last month, and the threat was then cleared from the systems [84312]. The failure was therefore due to contributing factors introduced by certain circumstances (the cyber attack) rather than all circumstances, making it a temporary software failure incident.

Category: Behaviour
Option: other
Rationale:
(a) crash: The incident is not described as a crash in which the system loses state and performs none of its intended functions [84312].
(b) omission: The article does not describe the system omitting to perform its intended functions at any instance [84312].
(c) timing: The incident does not involve the system performing its intended functions correctly but too late or too early [84312].
(d) value: The article does not describe the system performing its intended functions incorrectly [84312].
(e) byzantine: The incident is not described as the system behaving erroneously with inconsistent responses and interactions [84312].
(f) other: The incident is a cyber attack involving malware called WINNTI, which allowed unauthorized access to Bayer's computer networks for espionage purposes. It is characterized by a targeted and sustained espionage campaign carried out by a sophisticated group of hackers, with the malware providing the capability to carry out various actions once installed [84312].

IoT System Layer

Layer: Perception
Option: None
Rationale: None

Layer: Communication
Option: None
Rationale: None

Layer: Application
Option: None
Rationale: None

Other Details

Category: Consequence
Option: property, theoretical_consequence
Rationale:
(d) property: People's material goods, money, or data were impacted by the software failure. The software failure incident at Bayer, believed to be a cyber attack originating from China, resulted in the presence of infectious software on the company's computer networks. While Bayer stated that there was no evidence of data theft, the overall damage was still being assessed, and German state prosecutors had launched an investigation into the incident. The hackers used malware called WINNTI, which allowed them to access the system remotely and potentially carry out various actions. Third-party personal data was reported not to have been compromised, but the incident highlighted the risk of data theft and disruption faced by big businesses like Bayer [84312].

Category: Domain
Option: information, health
Rationale:
(a) information: The failed system was related to the information industry, as the incident was a cyber attack on the German drugmaker Bayer's computer networks [84312].
(j) health: The failed system was also related to the health industry, as Bayer is Germany's biggest drugmaker and the incident was a cyber attack on a company heavily involved in pharmaceuticals [84312].
