APT32/OceanLotus Suspected in Espionage Incident
Hackers suspected to be based in Vietnam compromised the network of German automaker BMW to attempt industrial espionage, according to German media outlet Bayerischer Rundfunk. The attackers also apparently targeted South Korea’s Hyundai, according to the report.
The attackers created phony websites for the automakers to open the door to accessing sensitive data, according to the news report. The BMW attackers managed to install “Cobalt Strike” malware on the corporate network to spy on computers, the report says. It offered no further details on the Hyundai attack.
The Vietnamese group apparently behind the attack, according to the news report, is OceanLotus, also known as APT32. It has previously targeted other automotive companies in attacks that appear to support the country’s vehicle manufacturing goals.
BMW declined to comment to the German publication other than to say: “We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident.”
BMW and Hyundai did not immediately respond to Information Security Media Group’s request for comment.
Earlier this year, multiple Toyota offices were hacked in an attack that cybersecurity firm FireEye tied to APT32 (see: Toyota Australia, Healthcare Group Hit By Cyberattacks).
Smaller Nations Launch APT Attacks Too
Although Russia, China, North Korea and Iran are considered to pose the most substantial cyberthreats, governments of some smaller countries apparently have begun to invest heavily in hacking capabilities.
“They are using cyber operations to feed their economy, by hacking corporate enterprises around the world, such as Toyota,” Charity Wright, a cyberthreat intelligence analyst at IntSights, tells Information Security Media Group. “They are stealing proprietary information and technological secrets and feeding it into their private-sector companies, which then make a profit.”
Not long before the Toyota hacks, Wright says, “there was a sharp increase in Vietnamese deep and dark web forum discussions, and we started seeing a sharp rise in the use of cryptocurrency in that region too.”
As with cybercrime, Vietnamese APT activity also appears to be following a well-worn playbook. “I call them a baby China,” Wright says.
Executive Editor Mathew Schwartz contributed to this report.