Ocean Lotus (APT32): According to a report from German authorities, members of the Vietnamese hacking group Ocean Lotus (APT32) are believed to be behind a breach of both BMW and Hyundai. The report states that APT32 breached BMW’s network sometime in the spring and installed Cobalt Strike on the infected systems which they then used as a backdoor. BMW supposedly allowed the hackers to remain on their network and monitored their behavior until they cut their access at the end of November. At this time neither BMW nor Hyundai were willing to comment on the report. Since 2017 APT32 have been increasingly targeting the automotive industry and has been linked to breaches of Toyota Australia, Toyota Japan and Toyota Vietnam.
Analyst Notes
With the ever-increasing interest in targeting the automotive industry and the failures of Vietnam’s automotive manufacturer, VinFast, this will likely not be the last time we see APT32 compromising a major automotive manufacturer. When so many of Toyota’s international systems were compromised the breaches were all disclosed within a relatively short period of time, meaning we may still see further reports for BMW and Hyundai. More information can be found at https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
