The Russian cybersecurity firm Kaspersky Lab writes in a blog post that it detected a new advanced persistent threat (APT) campaign that compromised the ASUS Live Update utility, the vendor's own software update channel, to install a malicious backdoor on ASUS desktops and laptops belonging to over 1 million users.
Kaspersky Lab has described the ASUS hack as one of the biggest supply chain attacks ever. Kaspersky estimates that the backdoored version of ASUS Live Update was downloaded and installed by more than 57,000 Kaspersky users, and that it was distributed to around 1 million people in total.
The attackers even made sure the file size of the malicious utility stayed the same as that of the original one, Kaspersky Lab said in the blog post, which is why a size comparison is no substitute for checking the file's hash or signature. Each backdoored binary contained a table of hard-coded MAC addresses, the unique identifiers of the network adapters used to connect a computer to a network.
The research found that only if one of the machine's MAC addresses matched an entry in that table did the malware download the next stage of malicious code; on every other machine the backdoor went no further, which is what kept the campaign narrowly targeted despite its wide distribution. A search for similar malware by Kaspersky researchers found that three other vendors based in Asia had been hit with the same backdoor software.
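The MAC-address gate described above is also the check a defender wants to run: take the MAC addresses of a host and test them against a published target table. The script below is an added example written for this article, not Kaspersky's or ASUS's code, and the target list in it is constructed for illustration rather than taken from the real backdoor. It normalizes the many ways a MAC can be written (colons, dashes, no separators, mixed case) before comparing, and it also accepts targets given as MD5 digests of the MAC string, a form in which such indicator lists are sometimes distributed (an assumption about the feed format, not something the article states).

```python
import hashlib
import re
import uuid
from typing import Iterable, Set

# CONSTRUCTED target table for the example. It is NOT the list recovered from
# the backdoored ASUS Live Update binary; it just exercises the formats we accept.
TARGET_MACS = {
    "00:11:22:33:44:55",   # colon-separated
    "AA-BB-CC-DD-EE-FF",   # dash-separated, upper case
    "deadbeefcafe",        # bare hex
}
# Assumption: some feeds publish only MD5(mac) rather than the MAC itself.
# Constructed here from a bare-hex, lower-case MAC string.
TARGET_MAC_MD5 = {
    hashlib.md5(b"001122334455").hexdigest(),
}


def normalize_mac(mac: str) -> str:
    """Canonical form: 12 lower-case hex digits with no separators.

    Raises ValueError for anything that is not a 48-bit MAC, so a malformed
    entry in a feed fails loudly instead of silently never matching.
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.lower()


def local_mac_addresses() -> Set[str]:
    """Best-effort MAC of this host via uuid.getnode().

    getnode() returns only one adapter, and if it cannot read any hardware
    address it returns a random number with the multicast bit (bit 40) set.
    A real unicast adapter never has that bit set, so we discard that case.
    """
    node = uuid.getnode()
    if node & (1 << 40):
        return set()
    return {f"{node:012x}"}


def matching_targets(local_macs: Iterable[str],
                     targets: Iterable[str],
                     target_md5: Iterable[str] = ()) -> Set[str]:
    """Return the (normalized) local MACs that appear in the target table,
    whether the table lists them raw or as MD5 digests of the bare-hex form."""
    raw = {normalize_mac(t) for t in targets}
    hashed = {h.lower() for h in target_md5}
    hits = set()
    for mac in local_macs:
        n = normalize_mac(mac)
        if n in raw or hashlib.md5(n.encode()).hexdigest() in hashed:
            hits.add(n)
    return hits


def is_targeted(local_macs: Iterable[str],
                targets: Iterable[str] = TARGET_MACS,
                target_md5: Iterable[str] = TARGET_MAC_MD5) -> bool:
    """The same decision the backdoor makes before fetching its second stage:
    proceed only when a local MAC is in the table."""
    return bool(matching_targets(local_macs, targets, target_md5))


if __name__ == "__main__":
    macs = local_mac_addresses()
    hits = matching_targets(macs, TARGET_MACS, TARGET_MAC_MD5)
    print("local MACs:", sorted(macs) or "(none readable)")
    print("matches against target table:", sorted(hits) or "none")
```

In a real check you would replace the constructed table with the vendor-published indicator list and enumerate every adapter (for example via `psutil.net_if_addrs()` or the OS tooling) rather than relying on the single address `uuid.getnode()` returns.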
Kaspersky contacted ASUS on January 31 to inform the company about the supply chain attack targeting the ASUS Live Update utility; its investigation is ongoing. Kaspersky also informed the other three vendors, which it has not named, about the attacks.
Kaspersky Lab will present its full findings on Operation ShadowHammer at the Security Analyst Summit 2019, scheduled to be held in Singapore from April 9 to April 11.