Vietnam may have backed the campaign.
Two of the world’s larger car makers were the victims of a sophisticated (but still not very successful) hacking campaign. Bayerricscher Rundfunk has learned that intruders from the hacking group OceanLotus slipped into the networks of BMW and Hyundai in an attempt to find trade secrets. BMW, at least, found the hackers quickly — instead, it let them operate for “months” to gather data before blocking them at the start of December. No sensitive data would have leaked out of BMW, according to an anonymous security expert, and the attackers wouldn’t have breached the central data center in Munich.
BMW declined to comment on the specific case, saying instead that it had “structures and processes” that both limited external hacking attempts and would let it quickly spot and recover from intrusions. Hyundai hasn’t responded to requests for comment so far.
The culprits may have been easy to identify, though. OceanLotus (aka APT32 or Cobalt Kitty) has been around since 2014 and is believed to be a Vietnam-backed group that typically targets dissidents and threats, and has lately targeted car brands that might include Toyota and Lexus. Conveniently, Vietnam recently launched its own automaker with BMW as a key supplier. The country may be trying to fast-track its growth by swiping ideas from rivals.
It’s not certain if Mercedes-Benz, VW or other brands were targeted. However, this follows a longstanding pattern of corporate espionage hacks on the part of countries that want to understand how certain businesses work. This certainly puts BMW in a difficult spot. It’s in a partnership where a supposed ally might be hacking its systems, and confronting its partner could create massive headaches.