Hackers allegedly having links to the Vietnamese government have hacked the networks of two leading automobile manufacturers, BMW and Hyundai, according to the recent reports from the German media.
At the same time, eliminating the novelty from the incident, the reports by Bayerische Rundfunk (BR) and Taggesschau (TS) are making claims that around spring this year, the networks of a BMW branch were breached by attackers.
Reports suggest, hackers installed ‘Cobalt Strike’, a penetration testing toolkit onto the targeted networks; it was employed as a backdoor through which the compromised networks were intruded by attackers.
Supposedly, BMW was acquainted with the attacker’s operations and let them continue to penetrate further into their networks. However, the company brought it to an end by putting a restriction onto the illegal access in the last week of November.
According to the findings, the attackers who compromised BMW’s networks also no infected
South Korean multinational automotive manufacturer, Hyundai. However, no additional information has been provided regarding the Hyundai breach.
The group behind these attacks, Ocean Lotus (APT32) has been in the cybercrime ecosystem since 2014 and is popular for targeting the automobile sector.
Referencing from the reports, “The attack of the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group’s IT security experts had been monitoring the hackers for months. This is the result of research by the Bayerischer Rundfunk. Also on the South Korean car manufacturer Hyundai, the hackers had it apart.”
“The Federal Office for the Protection of the Constitution also follows the hackers of OceanLotus. “The grouping of OceanLotus has already become important, and one should keep an eye on the development, especially because of the target range automotive industry,” said a spokeswoman.
In the summer, the German Association of the Automotive Industry (VDA) sent an e-mail to its members. The subject was: “Warning message from the Federal Office for the Protection of the Constitution about poscyberattacksttacks (OceanLotus) on German automobile companies.” In the e-mail, the BR research, the hacker’s procedure is described in detail.” The report reads.