It is alleged that the BMW hack occurred in the spring of this year, and that the attackers installed the Cobalt Strike penetration-testing toolkit on infected hosts. In recent years this toolkit has been increasingly used not only by security experts but also by criminals. As a result, Cobalt Strike served as a backdoor into the hacked network.
Moreover, according to media reports, BMW experts discovered the attack but allowed the hackers to continue operating in their network, watching their every move. The attackers' access was cut off only recently, at the end of November.
It is also reported that Hyundai suffered a similar compromise; however, no details about this incident are yet known, and both companies refuse to comment on the above publications.
It is believed that Ocean Lotus, also known as APT32, is behind these attacks. This hacking group mainly attacks foreign companies investing in the development of production in Vietnam. The hackers' main areas of interest are retail, consulting and the hotel sector. According to information security experts, APT32 has been active since 2014 and acts in the interests of the Vietnamese government, and its attacks may be carried out to collect information for law enforcement agencies. Moreover, this group was earlier associated with attacks on Toyota.
Many information security experts believe that the Vietnamese authorities are following the example of their Chinese “colleagues” and using hacker groups to spy on foreign companies and steal intellectual property, with the stolen data then used in projects funded by state-owned corporations.