Geeks for your information
Security Alert: ASUS Computer Users Affected by Auto-Update Computer Virus

Security Alert: ASUS Computer Users Affected by Auto-Update Computer Virus - harlan4096 - 27 March 19

Quote:

Latest security updates unveiled an advanced persistent threat (APT) attack that affected over a million ASUS users worldwide. This type of attack is unprecedented in its seriousness because it managed to perfectly imitate the signature of the original ASUS auto-update software, passing by undetected by conventional anti-virus solutions.

This huge supply chain attack fooled computers into thinking they were receiving updates from ASUS, all the while installing a backdoor into those computers. This unusually dangerous attack has been dubbed Operation #ShadowHammer and ran from June 2018 to November 2018 undetected until now.

We want to make you aware of this vulnerability, and urge you to take a few basic steps to secure your system, in case you own any ASUS computers.

How the Advanced Persistent Threat (APT) infection worked

The ASUS Live Update is a software patching utility which comes preinstalled on most ASUS computers. It’s used to perform automatic updates on important computer software components, such as BIOS, UEFI, software drivers, and some other major applications.

The hackers managed to replace the authentic ASUS Live Update software with several corrupted versions of their own, which imitated the digital signature of ASUS and fooled computers into downloading and installing them. The researchers who raised the alarm estimate that over a million computers were affected.

Each of these corrupted auto-update software versions was targeting a specific and unknown pool of users, who were identified by their network adapters’ MAC addresses. Cybersecurity experts say that this type of MO points to a surgical espionage malware, which means it was specifically designed to spy on specific users.