ASUS has expedited a patch for a major bug impacting thousands of PCs that allowed an advanced persistent threat group to launch a supply-chain attack dubbed “Operation ShadowHammer.” The vulnerability targeted a range of new ASUS PCs with a backdoor injection technique tied to the PC-maker’s faulty software update mechanism.
The flaw was used to infect thousands of PCs and was found by researchers at Kaspersky Lab and revealed Monday. The attack targeted users of the ASUS Live Update Utility. The China-backed BARIUM APT is suspected to have deployed the backdoor code, which would give it access to impacted systems, according to researchers.
ASUS for its part said in a Tuesday post that it has implemented a fix in the latest version (version 3.6.8) of the Live Update software. In addition, the manufacturer said it has “introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism.”
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” said ASUS. “ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”
Kaspersky Lab first contacted ASUS on Jan. 31, 2019, to inform it about the attack and share IOCs and descriptions of the malware.
According to researchers, the campaign ran from June to November 2018. More than a million worldwide may have been impacted, with the cybercriminals targeting specific victims in Asia.
“The command and control server used in this attack has been shut down as of November 2018,” a Kaspersky Lab spokesperson told Threatpost. “It is currently unclear if it was shut down by the attackers themselves, or by the registrar.