A Vietnamese state-backed threat group has been blamed for cyber-attacks that compromised the networks of BMW and Hyundai over recent months.
APT32, also known as “Ocean Lotus,” has been operational for the past few years. This spring it managed to infiltrate the network of the German car giant, installing a pen testing tool known as Cobalt Strike to remotely spy on machines, according to local reports.
However, BMW’s cybersecurity team caught wind of the attack and carefully monitored the group's activity, before finally kicking the attackers out in early December, Bayerischer Rundfunk claimed.
“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” the carmaker said in a general statement.
It was claimed that the hackers may be looking for trade secrets that will help to spur development at privately owned Vietnamese automotive start-up VinFast, which is currently supplied almost 100% by German manufacturers.
Hyundai’s corporate network was apparently also targeted, but there are no further details about that raid.
APT32 is known mainly for cyber-espionage activities targeting foreign businesses with a vested interest in Vietnam’s manufacturing, consumer products and hospitality sectors. It has also targeted political activists and free speech supporters inside Vietnam and across south-east Asia, according to FireEye.
“The targeting of private sector interests by APT32 is notable, and FireEye believes the actor poses significant risk to companies doing business in, or preparing to invest in, [Vietnam],” the security vendor said in its 2017 report on the group.
“While the motivation for each APT32 private sector compromise varied—and in some cases was unknown—the unauthorized access could serve as a platform for law enforcement, intellectual property theft or anti-corruption measures that could ultimately erode the competitive advantage of targeted organizations.”