Kaspersky exposed a security flaw targeting the world’s fifth largest computer company.
Security experts Kaspersky have exposed a security flaw targeting the online automatic update service of the world’s fifth largest computer company, ASUS.
The flaw is estimated to have affected more than one million computers worldwide and took more than five months to be exposed.
The malware installed via the online automatic update service was designed to create a backdoor for intruders in the machines affected.
Operation ShadowHammer: a newly discovered supply chain attack that leveraged #ASUS Live Software Update. https://t.co/tnZ8V0RPLU— Kaspersky Lab (@kaspersky) March 25, 2019
Just another #MondayMorning in the world of #cybersecurity... pic.twitter.com/llnQQu9WUe
Kaspersky was able to determine that the malware was programmed for surgical espionage and that it was designed to accept a second malware payload on specific computers.
Unfortunately, due to the server that delivered the second malware payload no longer being active, they are unable to determine exactly what the second payload may have been.
Kaspersky did mention that the incident was consistent with a 2017 incident blamed by Microsoft on a Chinese state-backed group the company calls BARIUM.
Join YOURLifeChoices, it’s free
- Receive our daily enewsletter
- Enter competitions
- Comment on articles