Yet, the unidentified threat actor only appeared to be interested in a very small subset of those devices: Kaspersky said they "targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility".
Hackers may have infected millions of Asus computers last year by tampering with the PC maker's update software.
Michael Oh, founder of Cambridge, Mass.-based solution provider TSP LLC, said the details disclosed so far suggest that hackers were able to infiltrate Asus' internal systems and take multiple steps there in order to deliver the malicious software.
Even though Asus was notified about the attack, it has not maintained active communication channels with Kaspersky and has also failed to alert Asus users, according to Zetter.
Moscow-based cyber security provider Kaspersky Lab said the attack took place between June and November a year ago and was used to deliver a software update with a "backdoor" that would give hackers access to infected machines.
Asus Live Updater was used in a big supply chain attack we dubbed Operation #ShadowHammer.
To launch the attack, the hackers were able to infiltrate Asus's own official servers, "liveupdate01s.asus.com" and "liveupdate01.asus.com", and serve the malicious updates from them.
Kaspersky said that more than 57,000 of its users had downloaded and installed the compromised Asus update but the hackers meant to target a smaller number of unknown victims.
Kaspersky Lab says that it has found the same techniques were used "against software from three other vendors".
More information about this attack is available on Kaspersky's Securelist website.
They believe that the entire operation remained secret for so long because even though the backdoored ASUS utility was installed on hundreds of thousands of devices, it would do nothing if the device was not on the predefined list.
The majority of victims are in the Russian Federation, followed by Germany, France, and Italy. The attack, which has been given the name "ShadowHammer", created a back door in the update software, allowing hackers to install malware on machines that had downloaded the compromised utility. However, Motherboard reports that the PC giant has "been largely unresponsive" since meeting with Kaspersky representatives on this issue.
Kaspersky Lab researchers have uncovered a large-scale attack against ASUS users in which a software update utility was modified and used to distribute malware.
ASUS denied its servers were compromised when informed of the findings and continued to use one of the compromised certificates involved in the attack for at least a month after notification.
If you suspect that you've been infected with ShadowHammer, Kaspersky has released a tool that can help you check.