. home.aspx



Shadowhammer attack didn't just hit Asus

April 24, 2019 / Sead Fadilpasic

The Operation ShadowHammer supply chain attack which affected Asus last month may have affected more victims, Kaspersky has said. Further investigation by the company's security researchers found that Asus wasn't the only company targeted. In fact, a total of six companies were infiltrated during the supply chain raid. Among them, the researchers said, are Electronics Extreme, Innovative Extremist and Zepetto. Besides them, the victims were a video gaming company, a congolmerate holding company and a pharmaceutical company, all from South Korea, yet unnamed. The researchers are currently notifying the victims of the attack. Researchers first noticed the attack in Asus' laptops. the ASUS Live Update Utility, a tool that comes preloaded with ASUS machines and is used to update BIOS, was infected. Hackers stole certificates used by ASUS to sign legitimate binaries, so the threat went undetected. Researchers also claimed that, despite the fact that the malware was present in th...