A Vietnamese threat group is said to be the likely culprit behind the hacking that compromised the networks of BMW and Hyundai over recent months.
The Vietnamese state-backed threat group APT32, also known as “Ocean Lotus”, allegedly managed to breach the network of a BMW branch in spring and install a penetration testing toolkit named Cobalt Strike on targeted machines.
The toolkit acts as a backdoor into the network, allowing further access within it as well as remote spying on machines.
According to Bayerischer Rundfunk (BR), BMW’s cybersecurity team had detected the attack and carefully monitored the activity before blocking the attackers’ access to confidential information and kicking them out at the end of November.
In a general statement, BMW said: “We have implemented structures and processes that minimise the risk of unauthorised external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident.”
A similar attack methodology is said to have been used against Hyundai’s corporate network; however, no further details have been revealed.
It is believed that the threat group is looking for trade secrets and aims to steal intellectual and design property to help VinFast, a privately owned Vietnamese automotive start-up.
A 2017 report by FireEye said: “The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam].”
“While the motivation for each APT32 private sector compromise varied – and in some cases was unknown – the unauthorised access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organisations.”
The post #Privacy: BMW and Hyundai hacked by Vietnamese hackers appeared first on PrivSec Report.