Vietnamese Hackers ‘APT32’ Hacked Hyundai and BMW

  • Vietnamese hackers entered the corporate network of BMW but didn’t manage to steal anything.
  • BMW claims that they closely monitored their moves, and stopped them when it was time.
  • Hyundai was also compromised, and a fake website was set up, but not a lot is known about this.

As first reported by, BMW and Hyundai have been breached by hackers belonging to the Vietnamese group “APT32”, also known as “Ocean Lotus”. This group is thought to be supported by the government of Vietnam, and we have seen it target the automotive industry before, stealing the payment and personal information of millions of Toyota customers from Australia, Japan, and Vietnam. While there are many ways to use automaker data, experts believe that APT32 is after patent information, technical secrets, method details, clever mechanical solutions, and valuable corporate secrets in general.

According to information leaking via local media outlets, the hackers managed to install the “Cobalt Strike” tool onto a BMW computer. This is legitimate security assessment software that can be used to perform in-depth penetration tests and find various known misconfigurations and unpatched vulnerabilities. In the case of APT32, though, the tool helped them figure out how to step further inside the corporate network, spying on and controlling systems remotely, getting login information, and expanding the infection to more computers in the network. This backdoor-planting operation took place quite a while back, and allegedly, BMW realized this soon enough and chose to closely monitor the hackers instead of cutting them off right away.

BMW claims that no sensitive data has been leaked, no clients have been compromised, and no intellectual information has been accessed by hackers. Part of the reason why BMW preferred to monitor the hackers’ movements instead of stopping them upon discovery was to determine how deep they had managed to infiltrate. As for Hyundai, the same news sources mention that the South Korean automaker was also hacked by APT32, but there aren’t many details about what exactly happened in this case. The hackers used dummy websites that pretended to be official portals of the two companies in Thailand, but other than that, not much is known.

During the summer, the German Association of the Automotive Industry (VDA) distributed warning messages to German automobile companies about the risk of OceanLotus as well as Chinese hackers. Remember, Asian cyber-espionage is a big problem for German companies that operate at the forefront of technological developments. Back in April, Bayer AG discovered that the “Winnti” group, which is believed to be supported by the Chinese government, had infiltrated their corporate network many months earlier.
