BMW was hacked; potential trade secrets leak

Today, any company can become the victim of a cyberattack. According to cybersecurity specialists, the automobile company BMW detected and monitored a hacker group that managed to infiltrate its networks for almost a year.

Apparently, the German company’s security team detected the presence of hackers after an instance of Cobalt Strike, a legitimate penetration testing tool, had been installed on one of its computers. Because this kind of testing had not been done recently, the company determined that it was installed by an external actor.

After detecting the intrusion, the company’s cybersecurity experts decided not to disrupt the hackers’ activities, but rather to adopt a different strategy. BMW began monitoring the hackers to collect information about their identity, their intentions and the actual extent of the intrusion.

Finally, after months of monitoring, BMW’s security teams decided to stop the intrusion, shutting down the compromised computers and blocking the access to the internal network that the hackers had exploited. The internal investigation is still ongoing, although it has already been reported that the hackers did not access confidential information, and that no computer equipment at the company’s headquarters was infected.

In a statement, the company acknowledged the incident, adding: “The relevant structures and processes have been implemented to minimize the risks of unauthorized access to our systems, allowing us to detect any attempts in addition to its fundamental role for upcoming security incident recovery processes.” This is all the information BMW has published about the cyberattack.

According to cybersecurity specialists, as part of the same hacking campaign the networks of the South Korean automotive company Hyundai were also compromised; so far, the company has made no official statements about the incident.

Regarding the perpetrators of both attacks, the tools and methods used have led the cybersecurity community to point towards the hacker group known as OceanLotus (also identified as APT32 or Cobalt Kitty), an Advanced Persistent Threat (APT) group with a special predilection for automotive companies.

CrowdStrike, a security firm that is assisting in the investigation of both attacks, claims that a Vietnam-based group of hackers backed by Asian governments and known as “Buffaloes” was also involved in this hacking operation. In its report, the firm also mentions that APT32 could be behind similar security incidents at multiple Toyota and Lexus outlets that resulted in the exposure of confidential information from these companies. In addition, experts say these attacks began after the Socialist Republic of Vietnam decided to build its own cars, so this is likely to be a complex corporate espionage campaign.

Specialists from the International Institute of Cyber Security (IICS) comment that this form of corporate espionage has become very common, as some governments prefer to use hacker groups to obtain confidential information about sophisticated technological developments rather than starting to work from scratch on their own technology.