APT32 in the Networks of BMW and Hyundai

APT32 in the Networks of BMW and Hyundai

APT32 in the Networks of BMW and Hyundai
Car as transportation has involved a lot since it was applied in our daily lives. Thus, when the network is implemented in cars, the cybersecurity concerns come along with the convenience. In recent research, the notorious APT32 group, also named “Ocean Lotus” was discovered in the networks of BMW and Hyundai Motor Company. The APT32 group started to target organizations including industries as well as foreign governments since 2012. Here are some facts about APT32:
● The group is more interested in Vietnam’s manufacturing, consumer products, and hospitality sectors.
● Peripheral network security and technology infrastructure corporations and security firms that may have connections with foreign investors can also be targeted by this group.
● The Cobalt Strike platform is popular among APT 32, APT29, and FIN7, even though there are Adversary Simulations and Red Team Operations.
Now, the APT32 group moved on to the automotive industry and breached the networks of the car manufacturers BMW and Hyundai:
● Stealing automotive trade secrets is one of the main goals.
● the Cobalt Strike hacking tool “Cobalt Strike” was deployed in the target network.
● Both Windows and Mac malware was used via watering hole attacks in its campaigns.

According to the researcher participated in this research:
“The attack the alleged Vietnamese hacker group began in the spring of 2019. Last weekend, the automobile company from Munich finally took the computers concerned off the grid. Previously, the group’s IT security experts had been monitoring the hackers for months. Also on the South Korean car manufacturer Hyundai, the hackers had it apart.”

The APT32 group was found by the BMW staff in few months ago. It had been linked to the previous attacks that happened in Toyota Japan, Toyota Australia, and Toyota Vietnam.
The BMW staff tried to monitor the attackers’ movements in the breached networks, and eventually locked out the attackers at the end of November.

Credits:
br.de/nachrichten/wirtschaft/fr-autoindustrie-im-visier-von-hackern-bmw-ausgespaeht
cyware.com/news/do-you-know-i-know-bmw-staff-let-the-attackers-move-freely-inside-their-network-6e3336f2