ASUS software updates were used to spread malware
ASUS reportedly distributed the hijacked software to users last year.
Security researchers today revealed another massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS.
A group of state-sponsored hackers last year managed to hijack ASUS Live automatic software update server between June and November 2018 and pushed malicious updates to install backdoors on over one million Windows computers worldwide.
On Monday, researchers from Kaspersky Labs said the attack was first detected in January 2019. It is believed that the campaign, dubbed Operation ShadowHammer, took place between June and November 2018 and has potentially compromised countless users — despite there being only a small list of individuals the hackers wished to target.
If a victim was identified through the malware’s “surgical” filtration methods, then the trojanized software would install a backdoor and download additional payloads on to their machine. The researchers say that if you downloaded the software and backdoor but are not on the target list, the malware does nothing further.
Asus’ software update system was hacked and used to distribute malware to about 1 million Windows computers, according to the cybersecurity firm Kaspersky Lab. The malware was disguised as a “critical” software update, distributed from Asus’ servers, and signed using a real Asus certificate that made it appear to be valid.
Asus says it will issue a statement tomorrow afternoon.