
Reputed Vietnamese APT group hacks BMW, Hyundai: report

The reputed Vietnamese APT group OceanLotus is believed responsible for recently hacking into the networks of German car manufacturer BMW, as well as South Korea's Hyundai, presumably to spy on their automotive trade secrets.

German broadcaster Bayerischer Rundfunk, which broke the story, reported (in an article translated into English) that BMW caught the intrusion early and chose to monitor the digital invaders' activity before ultimately expelling them two weekends ago. Sensitive data would not have leaked, an unidentified IT security expert told the news organization, and BMW's central data center remained untouched.

As part of their scheme, the hackers reportedly created a fake website that appeared to represent BMW's branch in Thailand and another phony site impersonating Hyundai. They also reportedly infected BMW with Cobalt Strike, a commercial penetration testing tool that historically has been abused as a malicious tool.

BMW reportedly declined to provide Bayerischer Rundfunk with comment on the specific case, but said, "We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident." Hyundai, meanwhile, reportedly did not respond to a request for comment.

According to the MITRE ATT&CK knowledge base, OceanLotus is known to target private sector industries and foreign governments, dissidents, and journalists, with a heavy concentration on Southeast Asia. Back in March, the group – also known as APT32 and Cobalt Kitty – was blamed for breaching Japanese car dealerships, resulting in the compromise of 3.1 million items of data pertaining to Toyota and Lexus customers.

OceanLotus is believed to be sponsored by the Vietnamese government. According to Bayerischer Rundfunk's report, Vietnam may have particular interest in BMW because in June 2019 the Vietnamese conglomerate Vingroup launched the country's first auto start-up, VinFast, of which BMW is a business partner.

Just this past summer, the German Association of the Automotive Industry (VDA) sent an e-mail warning members of possible cyberattacks on German car companies, the report continues.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
