Kaspersky Lab has uncovered a sophisticated cyberattack that could have affected nearly a million users of ASUS laptops and desktops.
The investigation revealed that cybercriminals added malicious code to the ASUS Live Update utility, which delivers BIOS, UEFI and software updates. After that, the attackers organized the distribution of the modified utility through official channels.
"The utility turned into a Trojan was signed with a legitimate certificate and hosted on the official ASUS update server, which allowed it to go unnoticed for a long time. The criminals even made sure that the size of the malicious utility was exactly the same as the real one," notes Kaspersky Lab.
The ShadowHammer group, which carries out complex targeted attacks (APT), is presumably behind this campaign. The point is that, although the total number of victims may reach a million, the attackers were interested in 600 specific MAC addresses, the hashes of which were hardcoded into various versions of the utility.
"While investigating the attack, we discovered that the same techniques were used to infect software from three other vendors. Of course, we immediately notified ASUS and other companies about the attack," the experts say.
Details about the cyberattack will be revealed at the SAS 2019 security conference starting April 8 in Singapore.
Source: 3dnews.ru