Welcome to the world of corporate espionage.
Cybersecurity is more important than ever not only for governments but also for global corporations, including automakers. The near-endless amount of information potentially available within any company's internal database is simply too tempting to ignore for hackers. Instead of genuinely trying to compete with better products, it's easier and far less costly to hack into those systems and steal as much as possible. BMW and Hyundai are just two automakers who recently fell victim to this method.
According to Silicon Angle, hackers made their first strike attempts against both automakers last spring. The APT32 group, also known as "Ocean Lotus," has been wreaking havoc since at least 2014, targeting not only corporations but also foreign governments, dissidents, and journalists. Specifically, its focus has been on Southeast Asian countries.
Sources claim the group has ties to the Vietnamese government. Authorities believe APT32 was behind a previous hacking attempt on the global network of Toyota. This resulted in 3.1 million customer records being stolen. But why are Vietnamese hackers so interested in automakers in particular? What's in it for them? Vietnam is becoming a fast-growing manufacturer of vehicles, and recently established its own brand, VinFast. Several global automakers also have production plants in Vietnam.
It didn't take long for BMW to detect the network hack but instead of stopping it they allowed the hackers to continue but still denied them access to confidential information. The idea was to track their every move. They cut them off entirely at the end of November. The hackers were seeking intellectual property data, such as BMW's expansion into electric vehicles that will include the upcoming i4, iX3, and production-spec iNext.
Interestingly, BMW and VinFast have a design partnership. This begs the question: if they're partners, what's the purpose of the hack? Basically, analysts believe Vietnam is directly copying China's corporate espionage hacking policies, even if it means breaking into the networks of supposed partners.