Taiwan-based technology giant ASUS is advising concerned customers to run a newly created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS’s own Live Update software tool.
As Motherboard reported earlier this week, researchers at Kaspersky discovered that malicious hackers had successfully planted malware posing as an official ASUS security update onto ASUS’s servers and signed it with two of the company’s legitimate digital certificates.
In its own confirmation of the incident, Symantec revealed that at least 13,000 computers belonging to its customers were infected with the malicious software update pushed from ASUS’s Live Update server last year.
Upon installation, the malicious update received by ASUS notebooks launched a scan to determine if it was running on one of the 600 unique devices that the hackers were targeting, all with the intention of downloading further malware.
The supply-chain attack, which has been dubbed “Operation ShadowHammer,” has raised a number of questions including:
- How was ASUS’s infrastructure compromised?
- How did the hackers manage to get hold of ASUS’s digital certificates in order to sign the code to make it appear as though it really were from ASUS?
- Who was behind the attack, and why were they targeting those 600-or-so PCs?
Right now, we don’t have answers for any of those questions, though many think the attack’s sophisticated and targeted nature could mean that state-sponsored hackers, perhaps with espionage in mind, were responsible for the campaign.
There aren’t any additional details in ASUS’s press statement, a notice which mainly reviews the details of the incident:
A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and ...
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Graham Cluley. Read the original post at: https://www.tripwire.com/state-of-security/featured/asus-security-update-live-update-tool-hacked/