Taiwan-based technology giant ASUS is advising concerned customers to run a newly-created diagnostic tool on their Windows computers after hackers pushed out malware to what some security researchers have estimated to be as many as one million PCs using ASUS's own Live Update software tool.
As Motherboard reported earlier this week, researchers at Kaspersky discovered that malicious hackers had successfully planted malware posing as an official ASUS security update onto ASUS’s servers and signed it with two of the company’s legitimate digital certificates. In its own confirmation of the incident, Symantec revealed that at least 13,000 computers belonging to its customers were infected with the malicious software update pushed from ASUS's Live Update server last year.
Upon installation, the malicious update received by ASUS notebooks launched a scan to determine if it was running on one of the 600 unique devices that the hackers were targeting, all with the intention of downloading further malware.
The supply-chain attack, which has been dubbed "Operation ShadowHammer," has raised a number of questions including:
- How was ASUS's infrastructure compromised?
- How did the hackers manage to get hold of ASUS's digital certificates in order to sign the code to make it appear as though it really were from ASUS?
- Who was behind the attack, and why were they targeting those 600-or-so PCs?
Right now, we don't have answers for any of those questions, though many think the attack's sophisticated and targeted nature could mean that state-sponsored hackers, perhaps with espionage in mind, were responsible for the campaign. There aren't any additional details in ASUS's press statement, a notice which mainly reviews the details of the incident:
A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.
ASUS says it has implemented a fix in the latest version (3.6.8) of its Live Update software and introduced additional security measures to prevent similar attacks in the future. In addition, the company says it has created a security diagnostic tool that users can run on their affected PCs. The tool can be downloaded directly from ASUS's website.
ASUS customers are just the latest in a growing group of victims who have suffered as the result of a supply-chain attack. Perhaps most infamously, consumer goods manufacturer Reckitt Benckiser and shipping conglomerate Maersk lost $100 million and $300 million in revenue, respectively, as a result of NotPetya ransomware that spread initially via a malicious automatic update for an accounting software package.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.