ASUS users targeted in large supply chain attack

Users infected via software update utility. Kaspersky Lab researchers have uncovered a large-scale attack against ASUS users in which a software update utility was modified and used to distribute malware. The researchers said investigations into the attack - dubbed Operation ShadowHammer - are “still ongoing”, though they expect to publish a detailed technical paper and present their findings at a security conference in Singapore in mid-April. Kaspersky said the attack “seems to be one of the biggest supply-chain incidents ever” and estimates a million people may have been exposed to the malware. However, only a small number of users appeared to be of any interest to the attackers. “They targeted only 600 specific MAC addresses,” the researchers said in a blog post early on Tuesday. Kaspersky researchers said they had detected the attack in January this year “thanks to a new technology in our products”. The attack was live “between June and November 2018.” A threat actor modified the ASUS Live Update Utility, which delivers BIOS, UEFI, and software updates to ASUS laptops and desktops, added a back door to the utility, and then distributed it to users through official channels,” the researchers said.