A cyber crime group known as APT32 or Ocean Lotus carried out cyber attacks against global automotive giants BMW and Hyundai with the backing of the Vietnamese government, German news agency BR have revealed.
According to German public-service radio and television broadcaster Bayerischer Rundfunk, the hacker group known as APT32 attempted to infiltrate BMW’s computer networks in order to gain access to trade secrets but was foiled by the company’s IT security teams.
The attacks began in Spring this year with hackers belonging to APT32 attempting to install a malicious tool known as Cobalt Strike that is capable of taking over control of computers within a network and accessing files stored in hijacked systems.
The hackers also set up several fake websites that impersonated the website of a BMW branch in Thailand as well as that of Hyundai. Fortunately, IT security experts spotted the intrusion attempts made by APT32, monitored the group’s activities, and finally took affected systems off the grid to prevent any data breaches.
BMW did not comment on this particular incident but told BR that it has systems and processes in place to detect cyber attacks and to recover from such attacks.
“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” the company said.
There is strong evidence of the Vietnamese government supporting APT32
Dror-John Röcher, who is a member of the German Cyber Security Organization (DCSO), told BR that Cobalt Strike has been used frequently by APT32, also known as Ocean Lotus, and looking at incidents involving the hacker group and analysing the targets, there is strong evidence that the group is being sponsored by the Vietnamese government.
He added that the hacker group started carrying out cyber attacks at a time when a Vietnamese conglomerate known as Vingroup opened a car manufacturing plant which sourced almost everything from German companies. It is possible that the latest cyber attack was aimed at gaining access to intellectual property belonging to German automotive companies.
According to BR, VDA, the German Automotive Industry Association, warned all car companies earlier this year about cyber attacks launched by the Ocean Lotus hacker group targeting their systems. The association described the hacker group’s tools and techniques in detail, thereby allowing car manufacturers to strengthen their cyber security protocols.