Security researchers have revealed a massive supply chain attack that compromised over 1 million computers manufactured by Taiwan-based tech giant ASUS.
State-sponsored hackers managed to hijack the ASUS Live automatic software update server between June and November 2018 and pushed malicious updates to install backdoors on over one million Windows computers worldwide.
According to researchers from Russian firm Kaspersky Lab, who discovered the attack and dubbed it Operation ShadowHammer, ASUS was informed about the ongoing supply chain attack on Jan 31, 2019.
After analyzing over 200 samples of the malicious updates, researchers learned that the hackers did not want to target all users, but only a specific list of users identified by their unique MAC addresses, which were hardcoded into the malware.
“We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list,” researchers say.
According to Kaspersky, the backdoored version of ASUS Live Update was downloaded and installed by at least 57,000 Kaspersky users.
“We [researchers] are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide,” Kaspersky says.
Symantec told Vice Media that the company identified the malware on more than 13,000 machines running its antivirus software.
Most of the victims Kaspersky detected are from Russia, Germany, France, Italy, and the United States, though the malware infected users from around the world.