The state-backed hacker group APT32, also known as Ocean Lotus, has reportedly spent the past few months compromising the networks of car manufacturing giants BMW and Hyundai.
The group has been accused of infiltrating BMW’s network and installing spyware on their systems.
According to local reports, APT32 installed Cobalt Strike, a pen testing tool that enables hackers to spy on machines. After discovering the intrusion, the BMW cybersecurity team monitored the group’s activities before expelling them in early December, Bavarian broadcaster Bayerischer Rundfunk reported.
In a statement, BMW said: “We have implemented structures and processes that minimise the risk of unauthorised external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident.”
It is believed the hackers were seeking trade secrets to help VinFast, a privately owned Vietnamese car startup. VinFast is heavily dependent on German manufacturers and is 100% supplied by German companies.
South Korean car maker Hyundai was also targeted by the group, although no further details about the attack have been revealed at this time.
The hacker group is known for its cyber-espionage activities and has previously targeted foreign businesses linked with Vietnam’s manufacturing, consumer products and hospitality sectors. Cybersecurity specialist FireEye said the group has also targeted political activists and free speech supporters inside Vietnam and across south-east Asia.
APT32 uses “a unique suite of fully-featured malware, in conjunction with commercially-available tools, to conduct targeted operations that are aligned with Vietnamese state interests,” according to FireEye.
In a report on the group, FireEye said: “The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam].
“While the motivation for each APT32 private sector compromise varied – and in some cases was unknown – the unauthorised access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organisations.”