Latest in Gear

Image credit: CHRISTOF STACHE/AFP via Getty Images

Hackers targeted BMW, Hyundai in hunt for trade secrets

Vietnam may have backed the campaign.
317 Shares
Share
Tweet
Share
Save

Sponsored Links

CHRISTOF STACHE/AFP via Getty Images

Two of the world's larger car makers were the victims of a sophisticated (but still not very successful) hacking campaign. Bayerricscher Rundfunk has learned that intruders from the hacking group OceanLotus slipped into the networks of BMW and Hyundai in an attempt to find trade secrets. BMW, at least, found the hackers quickly -- instead, it let them operate for "months" to gather data before blocking them at the start of December. No sensitive data would have leaked out of BMW, according to an anonymous security expert, and the attackers wouldn't have breached the central data center in Munich.

BMW declined to comment on the specific case, saying instead that it had "structures and processes" that both limited external hacking attempts and would let it quickly spot and recover from intrusions. Hyundai hasn't responded to requests for comment so far.

The culprits may have been easy to identify, though. OceanLotus (aka APT32 or Cobalt Kitty) has been around since 2014 and is believed to be a Vietnam-backed group that typically targets dissidents and threats, and has lately targeted car brands that might include Toyota and Lexus. Conveniently, Vietnam recently launched its own automaker with BMW as a key supplier. The country may be trying to fast-track its growth by swiping ideas from rivals.

It's not certain if Mercedes-Benz, VW or other brands were targeted. However, this follows a longstanding pattern of corporate espionage hacks on the part of countries that want to understand how certain businesses work. This certainly puts BMW in a difficult spot. It's in a partnership where a supposed ally might be hacking its systems, and confronting its partner could create massive headaches.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
317 Shares
Share
Tweet
Share
Save

Popular on Engadget

Mario Kart Tour's second multiplayer beta will be open to all

Mario Kart Tour's second multiplayer beta will be open to all

View
Disney+ is coming to Europe a week sooner than expected

Disney+ is coming to Europe a week sooner than expected

View
Qualcomm's new mobile chipsets pack more features for the non-5G crowd

Qualcomm's new mobile chipsets pack more features for the non-5G crowd

View
Subaru plans to sell only electric cars by the middle of the 2030s

Subaru plans to sell only electric cars by the middle of the 2030s

View
GDPR has led to $126 million in fines over data privacy

GDPR has led to $126 million in fines over data privacy

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr