Cyber espionage is a large threat to vehicle development, production
and delivery; as the industry is highly competitive, not just between
different manufacturers but also different countries, there is a huge
drive towards new technologies and innovation. FireEye has most often
observed cyber espionage activity targeting the automotive industry
from groups linked to China, but also found activity from North Korean
and suspected Vietnam-linked groups. These state-sponsored threat
actors’ goal is to steal information from vehicle
manufacturers—certainly any kind of innovative research but also
development and intellectual property information that could provide
any kind of advantage.
Nation state attackers may also target the automotive industry in
order to get information on new technologies that are being developed
for military purposes. Stealing
intellectual property isn’t new. But targeting automotive
teams could be included here) could provide nation state
adversaries with a raft of information developed for governments or
militaries, including autonomous vehicle systems, artificial
intelligence, sensor detail and even deployment.
In the past, the focus of cyber espionage activity in the auto
sector has mainly been directed at research and development data from
automobile manufacturers, with hacker groups particularly active in
spying out the technical advances of Western manufacturers and using
them for their own economic
development. More recently, operational
data and processes have also been targeted. Due to progressive
modernization and digitization, artificial intelligence data for
autonomous driving and the development of powerful batteries have also
been in the focus
of hackers. In all cases, the stolen information can cause
significant damage to the originating company.
The whole industry is a mass of wealth for cyber actors seeking
financial gain, economic gain, potentially cyber warfare and economic
disruption and competitive advantage. Researchers have seen intrusions
in the automotive industry across Europe over the past few years,
mainly from Chinese
attackers. Additional activity has also been seen from North
Korea and Vietnam.
Vietnamese “state-aligned” group
APT32 is targeting foreign automotive companies in activity that
appears intended to support the country’s vehicle manufacturing goals.
seen APT32 activity accelerating since
February 2019; these operations don’t appear to be aimed at
acquiring intellectual property; rather, they seem to be looking for
corporate operational information.
The group has targeted security, technology infrastructure and
consultancy companies, and political activists. While attackers from
China, Iran, Russia, and North Korea remain the most active cyber
espionage state sponsors tracked by FireEye, groups such as APT32
represent a growing number of new countries involved in such activities.
Suppliers and other third-party vendors are also targeted by actors
seeking information about the automotive sector. Sometimes
illogically, they can be low hanging fruit for the cyber threat actor
and are under attack to compromise additional systems up the supply
chain in order to gain access the targets’ primary networks. Whether
or not access is gained through third parties or directly, a
manufacturer could be presented with a range of malevolent actions,
which, of course, could include espionage, data theft, process
disruption or vehicles system compromise.
The safety of the network is critical and therefore, it is
imperative to have an advanced technological strategy. Authentication
can be a big failing in security. Operations need to be able to
authenticate the network identities. As security threats continue to
evolve, most organizations still remain reliant on reactive,
technology-based security solutions to protect their most valuable
assets. Technology alone does not fully protect against a determined
attacker and it is difficult and costly to find, hire, train and
retain security experts, especially those who specialize in finding
It’s advisable to monitor your network around the clock with a
proactive, analyst-driven approach leveraging the latest threat
intelligence cultivated from experience. Managed
detection and response combine industry-recognized cyber
security expertise, cyber technology and an unparalleled knowledge of
attackers to help minimize the impact of a breach. Specialist cyber
security professionals can continuously monitor global cyber threats
and harnesses machine, campaign, adversary and victim intelligence
gained on the front lines of the world’s most consequential cyber attacks.
FireEye offers a full range of products and services that help our
customers understand evolving attacker motivations and methodologies.
Powered by industry-recognised expertise and nation-state grade threat
intelligence sourced from machine, adversary, campaign and victim
intelligence, FireEye enables smarter decision-making to help
organizations outmanoeuvre their attackers.
Our clients benefit from our intelligence-led, technology enabled
services such as rapid incident response services to minimize the
impact of compromise,
assessments, enhancement and transformation services to minimize
risk through informed decision-making and improved security posture.