Home>Blog>The Hacker News Headlines>Warning: ASUS Software Update Server Hacked to Distribute Malware
The Hacker News Headlines

Warning: ASUS Software Update Server Hacked to Distribute Malware

asus computer hacking

Remember the CCleaner hack?

CCleaner hack was one of the largest supply chain attacks that
infected more than 2.3 million users
with a backdoored[2]
version of the software in September 2017.

Security researchers today revealed another massive supply chain
attack that compromised over 1 million computers manufactured by
Taiwan-based tech giant ASUS.

A group of state-sponsored hackers last year managed to hijack ASUS
Live automatic software update server between June and November
2018 and pushed malicious updates to install backdoors on over one
million Windows computers worldwide.

According to cybersecurity researchers from Russian firm Kaspersky Lab, who
discovered the attack and dubbed it Operation ShadowHammer,
Asus was informed about the ongoing supply chain attack on Jan 31,
2019.
[3]

asus computer hacking

After analyzing over 200 samples of the malicious updates,
researchers learned that hackers did not want to target all users,
instead only a specific list of users identified by their unique
MAC addresses, which were hardcoded into the malware.

“We were able to extract more than 600 unique MAC addresses from
over 200 samples used in this attack. Of course, there might be
other samples out there with different MAC addresses in their
list,” researchers say.

Like the CCleaner and
ShadowPad
hacks, the malicious file was signed with legitimate ASUS
digital certificates in order to make it look an official software
update from the company and to remain undetected for a long
time.
Researchers didn’t attribute the attack to any APT group at this
moment, but certain evidence linked the latest attack to the
ShadowPad
incident from 2017, which Microsoft attributed to
the BARIUM APT actors behind the Winnti backdoor.

“Recently, our colleagues from ESET wrote about another supply
chain attack in which BARIUM was also involved, that we believe is
connected to this case as well,” researchers say.

According to Kaspersky, the backdoored version of ASUS Live
Update was downloaded and installed by at least 57,000 Kaspersky
users.

“We [researchers] are not able to calculate the total count of
affected users based only on our data; however, we estimate that
the real scale of the problem is much bigger and is possibly
affecting over a million users worldwide,” Kaspersky says.

Symantec told Vice Media that
the company identified the malware on more than 13,000 machines
running its antivirus software.

Most of the victims Kaspersky detected are from Russia, Germany,
France, Italy, and the United States, though the malware infected
users from around the world.

Kaspersky has notified ASUS and other antivirus companies of the
attack while the investigation into the matter is still
ongoing.

The antivirus firm has also released an automated tool[9]
for users to check whether they had specifically been targeted by
the ShadowHammer advanced persistent threat.

[1][4][5][6][7][8]

References

  1. ^
    CCleaner hack
    (thehackernews.com)
  2. ^
    2.3 million users with a backdoored
    (thehackernews.com)
  3. ^
    Kaspersky Lab
    (securelist.com)
  4. ^
    CCleaner
    (thehackernews.com)
  5. ^
    ShadowPad hacks
    (thehackernews.com)
  6. ^
    ShadowPad incident
    (thehackernews.com)
  7. ^
    attributed
    (www.courthousenews.com)
  8. ^
    Vice Media
    (motherboard.vice.com)
  9. ^
    automated tool
    (kas.pr)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.