BMW and Hyundai hacked by Vietnamese hackers, report claims

Hacks linked to Ocean Lotus (APT32), a group believed to operate with orders from the Vietnamese government.
Written by Catalin Cimpanu, Contributor
Image: Pablo Martinez

German media is reporting that hackers suspected to have ties to the Vietnamese government have breached the networks of two car manufacturers, namely BMW and Hyundai.

The report, coming from Bayerischer Rundfunk (BR) and Taggesschau (TS), claims that hackers breached the network of a BMW branch sometime this spring.

The attackers allegedly installed a penetration testing toolkit named Cobalt Strike on infected hosts, which they used as a backdoor into the compromised network.

BMW had supposedly allowed the hackers to persist on its network, and followed their every move, cutting off their access over the last weekend -- end of November.

BR and TS reporters claim the hackers behind the attack also breached Hyundai but did not provide any additional details about this second intrusion.

Neither BMW nor Hyundai wanted to comment on the BR article. Similar requests for comment sent by ZDNet remained unanswered.

Intrusions blamed on APT32

BR and TS said the group behind the BMW and Hyundai intrusions is a threat actor known for its attacks on the automotive industry [1, 2].

Known as Ocean Lotus (or APT32), the group is believed to carry out attacks on behalf of the Vietnamese government.

According to reports, the group has been active since 2014. While initial attacks had focused on hacking foreign corporations active in Vietnam and other Southeast Asian countries, since 2017, the group has incessantly targeted the automotive industry.

Prior to today's revelations, the group has been publicly linked to an attack on Toyota Australia. Weeks after, Toyota Japan and Toyota Vietnam disclosed similar breaches.

Many experts have speculated that the Vietnamese government has taken a page out of China's book and is using hacking groups to carry out economic espionage on foreign companies, stealing intellectual property, and then using it for its state-funded corporations.

China used this strategy to prop its airplane manufacturing sector, and now experts believe Vietnam is doing the same for its fledgling automotive startup VinFast, which started rolling out its first cars out factory lines this year.

The world's most famous and dangerous APT (state-developed) malware

Editorial standards