Recently, German media reported that hacking organizations suspected of having links with the Vietnamese government had invaded the networks of BMW and Hyundai. The two-car companies have yet to comment on the matter. The attacker allegedly installed a penetration testing kit called Cobalt Strike on the infected host and used it as a backdoor to the infected network. Media reporters claimed that the attacking hackers also breached Hyundai at the same time, but did not provide any additional details about the second invasion.
It is understood that behind the scenes of the BMW and Hyundai invasion is a hacker group known for attacking the automotive industry, called Ocean Lotus (or APT32). The attack is believed to have been carried out on behalf of the Vietnamese Government. The organization has reportedly been active since 2014. Although the initial attacks focused on foreign companies active in Vietnam and other Southeast Asian countries, the organization has continued to target the automotive industry since 2017. Earlier, the organization was also exposed to the attacks of Toyota Australia, Toyota Japan, and Vietnam Toyota.
Many experts speculate that the Vietnamese government is using hacking groups to conduct economic espionage of foreign companies, steal intellectual property rights, and then use them for state-owned enterprises. Such an approach may be a strategy that it wants to support its startup car startup VinFast. VinFast started rolling out the first cars on the factory production line this year.