Security researchers recently revealed that a massive supply chain attack compromised over a million computers manufactured by the Taiwan-based technology giant ASUS. A group of state-sponsored hackers hijacked the ASUS Live automatic software update server between June and November 2018 and pushed malicious updates that installed backdoors on more than 1 million Windows computers around the world.
According to researchers at the Russian cybersecurity firm Kaspersky Lab, ASUS was informed of the ongoing supply chain attack on 31 January 2019, after Kaspersky Lab discovered the botnet attack and dubbed it “Operation ShadowHammer”. They analyzed over 200 samples of the malicious updates and noticed that the hackers did not intend to target all users; they were interested only in a specific list of users, identified by unique MAC addresses that were hardcoded into the botnet. The researchers disclosed that they were able to extract over 6200 unique MAC addresses from the more than 200 samples analyzed. They also anticipated that there might be other samples with different MAC addresses in their lists.
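A defender's check for the MAC-based targeting described above, as an added example that is not code from Kaspersky Lab or ASUS: it normalizes the MAC addresses in an asset inventory and matches them against a target list. The inventory, the list values (taken from the range reserved for documentation) and the function names are constructed for illustration.

```python
import re

# Constructed placeholder indicators (documentation-range values, not real
# ShadowHammer targets). In practice this would be a published target list.
TARGET_MACS = ["00:00:5E:00:53:01", "00-00-5e-00-53-af"]

# Constructed asset inventory: hostname -> MAC strings as exported by
# different tools (colon, hyphen, dotted, bare hex, and one bad record).
INVENTORY = {
    "ws-001": ["00:00:5e:00:53:01", "02:00:00:aa:bb:cc"],
    "ws-002": ["0000.5E00.53AF"],
    "ws-003": ["02-00-00-11-22-33"],
    "ws-004": ["not-a-mac", "0200001122FF"],
}

def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def find_targeted_hosts(inventory, target_macs):
    """Map each host to the inventory MACs that appear on the target list.

    Unparseable records are returned separately so that bad data is
    reviewed instead of being silently treated as 'not targeted'.
    """
    targets = {m for m in map(normalize_mac, target_macs) if m}
    hits, invalid = {}, []
    for host, macs in inventory.items():
        for raw in macs:
            mac = normalize_mac(raw)
            if mac is None:
                invalid.append((host, raw))
            elif mac in targets:
                hits.setdefault(host, []).append(raw)
    return hits, invalid

if __name__ == "__main__":
    hits, invalid = find_targeted_hosts(INVENTORY, TARGET_MACS)
    for host, macs in sorted(hits.items()):
        print(f"{host}: MAC on target list: {', '.join(macs)}")
    for host, raw in invalid:
        print(f"{host}: could not parse {raw!r}, check manually")
```

A host with several network interfaces is flagged if any one of its addresses matches, which is why the inventory holds a list per host.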
The most interesting thing the researchers found is that the malware file was signed with legitimate ASUS digital certificates. This was done so that the file would appear to be an official software update from ASUS and the malware would stay undetected for a longer period of time. According to Kaspersky Lab, the backdoored version of ASUS Live Update was downloaded and installed by a minimum of 57,000 Kaspersky users. Symantec said that it had identified the botnet on over 13,000 machines that had active antivirus software running.