The attackers allegedly installed a penetration testing toolkit named Cobalt Strike on infected hosts, which they used as a backdoor into the compromised network.
BMW had supposedly allowed the hackers to persist on its network and followed their every move, cutting off their access over the last weekend, at the end of November.
BR and TS reporters claim the hackers behind the attack also breached Hyundai but did not provide any additional details about this second intrusion.
Neither BMW nor Hyundai wanted to comment on the BR article. Similar requests for comment sent by ZDNet remained unanswered.
Intrusions blamed on APT32
BR and TS said the group behind the BMW and Hyundai intrusions is a threat actor known for its attacks on the automotive industry [1, 2].
Known as Ocean Lotus (or APT32), the group is believed to carry out attacks on behalf of the Vietnamese government.
According to reports, the group has been active since 2014. While initial attacks had focused on hacking foreign corporations active in Vietnam and other Southeast Asian countries, since 2017, the group has incessantly targeted the automotive industry.
Many experts have speculated that the Vietnamese government has taken a page out of China's book and is using hacking groups to carry out economic espionage on foreign companies, stealing intellectual property, and then using it for its state-funded corporations.