Researchers from threat intelligence firm Kaspersky Lab said in a report on Monday that hackers compromised Asus’ Live Update tool to distribute malware to over 1 million Asus device users.
Motherboard reported that “Operation ShadowHammer,” as the researchers dubbed the attack, allowed Asus machines to accept infected software because the hackers were able to sign it with a legitimate Asus certificate that they had stolen.
Kaspersky Lab said 57,000 Asus device users were attacked, but the firm estimated the malware was distributed to “about 1 million people total.” The attack took place between June and November 2018.
Targeting a select few
Though the hackers cast a wide net, the researchers said the attack’s primary purpose was to target only around 600 “surgically selected” Asus systems. In systems not specifically targeted by the hackers, the rogue software remained dormant.
It’s not yet known what type of information the hackers were after.
“The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base. It is not yet very clear what the ultimate goal of the attackers was and we are still researching who was behind the attack,” said Vitaly Kamluk, Director of Global Research and Analysis Team, APAC, at Kaspersky Lab.
The firm said it will “continue to investigate this attack.” In the meantime, Kaspersky Lab has created an online tool that consumers can use to see if their device’s MAC addresses match the ones on the target list.
In a statement, Asus said its customer service team has been “reaching out to affected users and providing assistance to ensure that the security risks are removed.”
The company also said that it has "implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism."
"At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future," Asus said.