Media said that BMW and Hyundai have been hacked by Ocean Lotus

BMW and Hyundai hacked
Written by Valdis Koks

At the end of last week, German publications Bayerischer Rundfunk and Taggesschau reported that the BMW and Hyundai auto giants were attacked and hacked by Vietnamese hacker Ocean Lotus, also known as APT32.

It is supposed that the BWM hacking occurred in the spring of this year, and the attackers installed Cobalt Strike Pentester tools on infected hosts, which in recent years have been increasingly used not only by security experts, but also by criminals. As a result, Cobalt Strike was used as a backdoor for a hacked network.

Moreover, according to media reports, BMW experts discovered the attack, but allowed hackers to continue to operate in their network, watching their every move.

BMW had supposedly allowed the hackers to persist on its network, and followed their every move, cutting off their access over the last weekend — end of November”, — describes this situation ZDNet.

It is also reported that Hyundai suffered a similar compromise, however, no details about this incident are yet known, and both companies refuse to comment on the above publications.

It is believed that Ocean Lotus, also known as APT32, is behind these attacks. This hack group attacks mainly foreign companies investing in the development of production in Vietnam. The main areas of interest for hackers are retail, consulting and the hotel sector.

Read also: China uses the Great Cannon again for DDoS attacks

According to information security experts, APT32 has been active since 2014, acts in the interests of the Vietnamese government, and attacks can be carried out to collect information to law enforcement agencies. Moreover, earlier this group was associated with attacks on Toyota.

Many information security experts believe that the Vietnamese authorities are following the example of their Chinese “colleagues” and use hacker groups for economic espionage against foreign companies, theft of intellectual property, and then the stolen data is used in projects of state-funded corporations.

China used this strategy to prop its airplane manufacturing sector, and now experts believe Vietnam is doing the same for its fledgling automotive startup VinFast, which started rolling out its first cars out factory lines this year”, — suppose IS exoerts.

Neither BMW nor Hyundai wanted to comment on the publications.

About the author

Valdis Koks

Security engineer, reverse engineering and memory forensics

Leave a Comment