ASUS releases hotfix and downplays APT hacking of its supply chain




Written by

Sean Lyngaas

Taiwanese hardware manufacturer ASUS on Tuesday announced a software update in response to a state-linked hack and downplayed the scale of the compromise of its supply chain.

"Only a very small number of [a] specific user group have been found to have been targeted by this attack, and it is therefore highly unlikely that your device has been targeted," ASUS said in a press release. The statement contrasted with the findings of researchers at Kaspersky Lab, who described the breach as possibly "one of the biggest incidents in the supply chain of all time".

Attackers compromised an ASUS server to send malicious updates that affected about 1 million computer users between June and November 2018, according to the researchers, though only 600 appeared to be the targets of the attacks. ASUS accounted for 6% of global PC shipments in the third quarter of 2018, according to Gartner. The company also manufactures mobile phones, smart home appliances and other electronic products.

The researchers nicknamed the hacking operation ShadowHammer and said it was the work of an advanced persistent threat (APT), a designation usually reserved for government-sponsored hackers.

Motherboard first reported the attack on Monday and laid out the scope of the compromise. Hackers used two of ASUS' digital certificates to sign their malicious programs, the report said, using a proven method of abusing trust in the vendor's supply chain. Kaspersky's researchers informed ASUS of the incident on January 31 and met with an ASUS representative on February 14, but the company was largely unresponsive after that, according to Motherboard.

CyberScoop has sent a detailed list of questions to ASUS about its response to the hack.

In its statement, ASUS said that the "Live Update" software patch introduced multiple security verification mechanisms to prevent updates from being manipulated by hackers. "At the same time, we have also updated and strengthened our server-to-end software architecture to prevent similar attacks from happening again in the future," ASUS said.

The company added that its customer service contacted affected users to help them recover from the incident. ASUS and Kaspersky have both released tools to check whether a computer has been infected by ShadowHammer.

News of the ASUS supply chain compromise has rippled through the security world, with analysts giving advice on how vendors can strengthen their digital footprint.

The Department of Homeland Security alerted computer users to the ASUS patch on Tuesday, asking them to verify that the update had been installed.
