ASUS wasn't the only company hit by ShadowHammer
At least six other organizations were also infiltrated
As it turns out, ASUS was not the only company targeted by supply chain attacks during the ShadowHammer hacking operation uncovered by Kaspersky Lab, and we're now learning that at least six other organizations were infiltrated by hackers.
The Taiwanese hardware maker's supply chain was compromised by trojanizing its ASUS Live Update utility, which was eventually downloaded and installed on tens of thousands of customer computers, according to experts' estimates.
However, ASUS wasn't the only company which had its IT infrastructure infiltrated during Operation ShadowHammer since Kaspersky's researchers were able to find a number of other similar malware samples that were also signed with legitimate certificates.
The cybersecurity firm discovered that the ASUS samples and the newly discovered ones used very similar algorithms to calculate API function hashes. Additionally, IPHLPAPI.dll was used within all of the malware samples.
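A hash-to-name lookup of the kind analysts build to pivot on the API-hashing observation above, added here as an illustration (it is not Kaspersky's code and not the real ShadowHammer hash routine): the hash function is an assumed ROR-13 example, and the IPHLPAPI.dll export names are a short constructed list.

```python
# Illustrative hash-to-export-name lookup for analysing API-hashing malware.
# The hash routine is an ASSUMED example (rotate-right-13 then add), not the
# algorithm used by the ShadowHammer samples; the export list is constructed.
from typing import Dict, Iterable, Optional

MASK32 = 0xFFFFFFFF


def ror32(value: int, count: int) -> int:
    """Rotate a 32-bit value right by count bits."""
    count %= 32
    return ((value >> count) | (value << (32 - count))) & MASK32


def hash_api(name: str) -> int:
    """Assumed hash: ROR-13 then add each byte, including the NUL terminator."""
    h = 0
    for byte in name.encode("ascii") + b"\x00":
        h = (ror32(h, 13) + byte) & MASK32
    return h


# Constructed subset of IPHLPAPI.dll export names (not taken from the samples).
IPHLPAPI_EXPORTS = [
    "GetAdaptersInfo",
    "GetAdaptersAddresses",
    "GetIfTable",
    "GetIpAddrTable",
    "GetNetworkParams",
    "SendARP",
]


def build_hash_table(exports: Iterable[str]) -> Dict[int, str]:
    """Precompute hash -> export name so constants found in a sample can be resolved."""
    table: Dict[int, str] = {}
    for name in exports:
        h = hash_api(name)
        if h in table and table[h] != name:
            raise ValueError(f"hash collision between {table[h]} and {name}")
        table[h] = name
    return table


def resolve_hashes(hashes: Iterable[int], table: Dict[int, str]) -> Dict[int, Optional[str]]:
    """Map each 32-bit constant to an export name, or None if it is unknown."""
    return {h: table.get(h) for h in hashes}


if __name__ == "__main__":
    lookup = build_hash_table(IPHLPAPI_EXPORTS)
    # Constructed: constants as they might be copied from a disassembly listing.
    for h, name in resolve_hashes([hash_api("GetAdaptersInfo"), 0xDEADBEEF], lookup).items():
        print(f"{h:#010x} -> {name or 'unresolved'}")
```

The same table, rebuilt with each candidate hash routine, is how an analyst confirms that two sample families share a hashing algorithm.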
ShadowHammer victims
Besides ASUS, three Asian gaming companies (Electronics Extreme, Innovative Extremist and Zepetto) also fell victim to Operation ShadowHammer, and Kaspersky discovered that another video game company, a conglomerate holding company and a pharmaceutical company in South Korea were targets as well.
The researchers did not name the three new victims as they are still in the process of alerting them regarding the supply chain attacks they suffered.
The attackers that targeted the three Asian gaming companies were able to drop a malicious payload designed to collect system information and download additional payloads from its command-and-control (C&C) server.
Once installed on a user's system, the trojanized games first check to see if traffic and processor monitoring tools are running or if the system language is set to either Simplified Chinese or Russian. If any of these checks come back as true, the backdoor is programmed to stop execution automatically.
Kaspersky provided more details on the nature of Operation ShadowHammer in a blog post, saying:
“We believe this to be the result of a sophisticated supply chain attack, which matches or even surpasses the ShadowPad and the CCleaner incidents in complexity and techniques. The reason that it stayed undetected for so long is partly the fact that the trojanized software was signed with legitimate certificates (e.g. “ASUSTeK Computer Inc.”).”
If you have an ASUS computer, it is highly recommended that you download and update to the latest version of the ASUS Live Update Utility to prevent falling victim to any further attacks.
Via BleepingComputer
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.