ASUS, the leading manufacturer of computers, suffered a cyberattack that allowed hackers to infect more than 50,000 customers with malware.
After breaching the Taiwan-based tech company’s server, the hackers made it look as though ASUS was sending legitimate software updates to its users, when the updates were in fact laced with malicious software.
Researchers discovered the attack in January, after hackers took over the ASUS Live Update Utility to quietly install malware on devices. The hack was first reported by Motherboard.
Kaspersky learned of the hack because many ASUS computers have its antivirus software installed. It is still not clear who is behind the attack on the ASUS Live Update Utility.
Kaspersky Lab is calling this hack ‘Operation ShadowHammer’. “The malware went undetected for several months,” said Kaspersky’s Raiu. He added that the group behind the attack rewrites its tools for every large attack so that scanners can’t detect them by looking for old code signatures.
The attack must have started sometime between June and November 2018. According to Kaspersky, around 57,000 ASUS laptops are infected, though the update was likely distributed to one million. It appears that the attackers were targeting only about 600 specific machines.
The ASUS hack is one of the biggest supply-chain attacks ever to happen, Kaspersky Lab added.
As noted above, the hack was first reported by Motherboard, which also reported that ASUS was notified when the cyber-attack in June and November 2018 was first discovered. The company later confirmed that it is investigating the matter. Kaspersky claims that ASUS sent the “backdoor” to customers for at least five months before it was discovered.
ASUS has not responded to a request for comment.
Vitaly Kamluk, director of Kaspersky Lab’s Global Research and Analysis Team, said in a statement: “The selected vendors are extremely attractive targets for APT [advanced persistent threat] groups that might want to take advantage of their vast customer base.”
Distrust in automatic updates that come from the vendor itself is a further concern. People now have to worry about patches, as hackers seek to exploit their trust.