Kaspersky Lab announced the discovery of ‘ShadowHammer,’ a sophisticated supply chain attack involving the ASUS Live Update Utility, through which a malicious backdoor was installed on users' computers.
According to a statement released by Kaspersky Lab, the attack took place between June and November 2018 and was discovered in January 2019. Kaspersky said 57,000 of its own users had downloaded the compromised utility, and the attack possibly affected over a million users worldwide.
“The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation,” Kaspersky stated.
According to Kaspersky, the attack remained undetected for so long partly because the file was signed with legitimate certificates, making it appear to be a legitimate software update from ASUS, and because the malicious updaters were hosted on the official ASUS update servers liveupdate01s.asus[.]com and liveupdate01.asus[.]com.
Kaspersky linked the attack to the ShadowPad incident from 2017 with the actor identified by Microsoft as “BARIUM”.
The cybersecurity firm said that the investigation is still in progress but assured that the full results and a technical paper will be published during the SAS 2019 conference in Singapore.