What’s Going On? Hackers have breached the network of BMW in a bid to steal intellectual property. The attackers allegedly installed a penetration testing toolkit named Cobalt Strike on infected hosts, which they used as a backdoor into the compromised network. BMW had allowed the hackers to persist on its network, and followed their every move, cutting off their access over the last weekend attempting to gain knowledge themselves of what the hackers were trying to achieve.
Who are they? The hackers behind the attack also breached Hyundai and are known as Ocean Lotus (or APT32), the group is believed to carry out attacks on behalf of the Vietnamese government. According to reports, the group has been active since 2014. While initial attacks had focused on hacking foreign corporations active in Vietnam and other Southeast Asian countries, since 2017, the group has repeatedly targeted the automotive industry.
Things they’ve taken credit for include, being publicly linked to an attack on Toyota Australia. Just weeks after, Toyota Japan and Toyota Vietnam disclosed similar breaches which they also took credit for. Many experts have speculated that the Vietnamese government has taken a page out of China’s book and is using hacking groups to carry out economic espionage on foreign companies, stealing intellectual property, and then using it for its state-funded corporations.