Sunday, June 15, 2025
HomeData BreachBMW Hacked - OceanLotus APT Hackers Group Penetrate The BMW Networks

BMW Hacked – OceanLotus APT Hackers Group Penetrate The BMW Networks

Published on

SIEM as a Service

Follow Us on Google News

A well-known APT Hackers group “OceanLotus” breach the automobile giant BMW network, and successfully installed a hacking tool called “Cobalt Strike” which help them to spy and remotely control the system.

Security experts from BMW spotted that hackers penetrate the company network system and remain stayed active since March 2019.

The OceanLotus APT group believed to be active on behalf of the State of Vietnam, and they mainly focus on the automobile industry.

- Advertisement - Google News

GBHackers previously reported various high profile malware attacks involved by the OceanLotus APT group around the globe since 2014, and the threat group targets private sectors across multiple industries, foreign governments.

Last weekend, security experts from BMW take down the hacked computers and blocked the path that was used by hackers to penetrate the network.

According to Bayerischer Rundfunk’s reports. ” The automobile company from Munich finally took the computers concerned off the grid. , the group’s IT security experts had been monitoring the hackers for months. This is the result of research by the Bayerischer Rundfunk. Also on the South Korean car manufacturer Hyundai, the hackers had it apart.

An anonymous source reported this incident to BR and states that the hackers didn’t access any sensitive information during the attack period.

BMW refused to comment further about the security incidents, but in general, they said: “We have implemented structures and processes that minimize the risk of unauthorized external access to our systems and allow us to quickly detect, reconstruct, and recover in the event of an incident.”

Based on the expert source report OceanLotus hackers also targeted the Hyundai network, and they left several requests unanswered also there is no specific technical details revealed about the incident.

Andreas Rohr of the IT security firm Deutsche Cybersecurity organization (DCSO) said “If hackers have penetrated a corporate network , they usually try to look around as inconspicuously as possible. Once a company has discovered the attackers, it’s important to find out how far hackers have spread. They are watched for this, sometimes for months. “Typically, you benefit from having discovered someone to see where further compromises exist,” 

Experts believe that the same groups may have been involved with previous automobile security breaches such as Toyota hack, in which cybercriminals accessed the server and they may have been leaked 3.1 million customer personal data online.

Also Read:

Adobe Hacked – Hackers Exploit The Bug in Magento Marketplace & Gained Access To The Users Data

OnePlus Hacked – Customers’ Personal Information Accessed by Hackers

T-Mobile Hacked – Hackers Gained Access to Prepaid Customers Data

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Unpatched IT Tool Opens Door – Hackers Breach Billing Software Firm via SimpleHelp RMM

Cybersecurity professionals and business leaders are on high alert following a confirmed breach of...

137,000 SoftBank Customers Affected by Data Leak from Third-Party Vendor

SoftBank has previously experienced significant data breaches. In 2004, the company confirmed that personal...

ESET Details on How to Manage Your Digital Footprint

ESET, a leading cybersecurity firm, has shed light on the intricate nature of digital...