
APT Hacker Group Targets BMW and Hyundai Networks

BMW Data Breach

A notorious APT hacker group, “OceanLotus”, compromised the network systems of automobile giant BMW and installed a hacking tool known as “Cobalt Strike” to spy on and control the systems.

According to a research report from Bayerischer Rundfunk, the attack was traced back to state-sponsored hackers from Vietnam.

Security analysts from BMW stated that they identified the hackers’ penetration into the company’s network. It’s believed that the attackers have been active since March 2019.

BMW recently took down the compromised computers and blocked the path that the hackers used to penetrate the network. The report also claimed that the hackers behind the BMW attack targeted the South Korean automotive manufacturer Hyundai.

Created Fake Websites

To get access to other computers, the hackers created a fake website that gave the impression of belonging to the BMW branch in Thailand, which let them monitor networks and find out which folders and files users logged in to.

Hackers Observed for Months

The security team at BMW allowed the hackers to stay active in order to learn more details, such as who they were, how many systems they managed to compromise, and what kind of data they were after.

According to sources, no sensitive information was accessed by the hackers during the incident and no primary computers were compromised.

BMW declined to provide additional information on the attack.

“We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident,” BMW said in a statement.

In a recent security incident, security pros at BlackBerry Cylance observed an unknown hacking group using the same hacking tool, Cobalt Strike, to trojanize a Tetris game to spread malware, targeting healthcare and educational institutions for credential stealing.

BlackBerry Cylance stated that threat actors are trying to distribute ransomware with a malware named “PyXie”. It’s said that PyXie, which is written in the Python programming language, has been in the wild since 2018.