BMW was hacked; potential trade secrets leak

Currently any company can become a victim of a cyberattack. According to cybersecurity specialists, automobile company BMW detected and monitored a hacker group that managed to infiltrate its networks for almost a year.

Apparently, the German company’s security team detected the presence of hackers after an instance of Cobalt Strike, a legitimate penetration testing tool, had been installed on one of its computers. Because this kind of testing had not been done recently, the company determined that it was installed by an external actor.

After detecting the intrusion, the company’s cybersecurity experts decided not to disrupt the hackers’ activities, but rather to adopt a different strategy. BMW began monitoring the hackers to collect information about their identity, their intentions and the actual extent of the intrusion.

Finally, after months of monitoring, BMW’s security teams decided to stop the intrusion, shutting down the compromised computers and blocking access to the internal network exploited by the hackers. The internal investigation is still ongoing, although it has already been reported that the hackers did not access confidential information and that no computer equipment at the company’s headquarters was infected.

In a statement, the company acknowledged the incident, adding that: “The relevant structures and processes have been implemented to minimize the risks of unauthorized access to our systems, allowing us to detect any attempts in addition to its fundamental role for upcoming security incident recovery processes.” This is all the information BMW has published about the cyberattack.

According to cybersecurity specialists, as part of the same hacking campaign the networks of the South Korean automotive company Hyundai were also compromised; so far, the company has made no official statements about the incident.

Regarding the perpetrators of both attacks, the tools and methods used lead the cybersecurity community to point towards the hacker group known as OceanLotus (also identified as APT32 or Cobalt Kitty), an Advanced Persistent Threat (APT) group with a special predilection for automotive companies.

CrowdStrike, a security firm that is assisting in the investigation of both attacks, claims that a group of hackers known as “Buffaloes”, based in Vietnam and backed by Asian governments, was also involved in this hacking operation. In its report, the firm mentions that APT32 could also be behind similar security incidents at multiple Toyota and Lexus outlets that resulted in the exposure of confidential information from these companies. In addition, experts say these attacks began after the Socialist Republic of Vietnam decided to build its own cars, so this is likely to be a complex corporate espionage campaign.

Specialists from the International Institute of Cyber Security (IICS) comment that this form of corporate espionage has become very common, as some governments prefer to use hacker groups to obtain confidential information about sophisticated technological developments rather than starting to work from scratch on their own technology.
