Sunday, February 9, 2020

Week 9 - Operation Shadowhammer

There are many manufacturers of computer systems around the world.  One of my personal favorite vendors is ASUS.  Even though they are a great company, they are not immune to cyber threats, including attacks on their own software.

In early 2019, ASUS was hit with a supply chain attack that leveraged ASUS Live Update software.  The attack took place between June and November 2018 and according to ASUS's telemetry, it affected a large number of users.

ASUS Live Update is a tool that comes pre-installed on most ASUS computers.  It is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to a Gartner report, ASUS was the world’s 5th-largest PC vendor by 2017 unit sales. This makes it an extremely attractive target for APT groups that might want to take advantage of its user base.

The goal of this attack was to target a specific set of users, who were identified by their network adapters’ MAC addresses. To do this, the attackers hardcoded a list of MAC addresses into the trojanized samples, and this list was used to identify the actual intended targets of this massive operation. ASUS was able to extract more than 600 unique MAC addresses from over 200 samples used in the attack. Of course, there might be other samples out there with different MAC addresses in their list.

Are you affected?

ASUS created a tool which can be run to determine if your computer has been one of the surgically selected targets of the attack. To check this, it compares the MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match is found.
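The kind of comparison described above can be sketched as follows. This is an added example, not ASUS's tool or code from the original post; the function names, the adapter inventory and the indicator values (taken from the documentation MAC range) are all constructed for illustration.

```python
import re

# Constructed indicator list in mixed notations (documentation-range MACs,
# not real ShadowHammer targets).
TARGET_MACS = ["00-00-5E-00-53-01", "0000.5e00.53af"]

# Constructed adapter inventory: name -> MAC string as an OS tool might print it.
SAMPLE_ADAPTERS = {
    "Ethernet": "00:00:5E:00:53:01",
    "Wi-Fi": "02-00-5E-10-00-01",
    "Tunnel": "00-00-00-00-00-00-00-E0",  # 8-byte pseudo-interface address
    "Loopback": "",
}

_HEX12 = re.compile(r"^[0-9a-f]{12}$")

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if not a 48-bit address."""
    digits = re.sub(r"[\s:.\-]", "", text.strip().lower())
    return digits if _HEX12.match(digits) else None

def load_indicators(entries):
    """Normalize the indicator list once; fail loudly on a malformed entry."""
    indicators = set()
    for entry in entries:
        mac = normalize_mac(entry)
        if mac is None:
            raise ValueError(f"malformed indicator: {entry!r}")
        indicators.add(mac)
    return indicators

def check_adapters(adapters, indicators):
    """Compare every adapter to the list. Returns (matches, skipped names)."""
    matches, skipped = [], []
    for name, raw in sorted(adapters.items()):
        mac = normalize_mac(raw)
        # Empty, non-48-bit, all-zero and broadcast addresses cannot identify a host.
        if mac is None or mac in ("000000000000", "ffffffffffff"):
            skipped.append(name)
        elif mac in indicators:
            matches.append((name, mac))
    return matches, skipped

if __name__ == "__main__":
    hits, ignored = check_adapters(SAMPLE_ADAPTERS, load_indicators(TARGET_MACS))
    for name, mac in hits:
        print(f"ALERT: adapter {name} ({mac}) is on the target list")
    print(f"{len(hits)} match(es); skipped adapters: {', '.join(ignored) or 'none'}")
```

Normalizing both sides before comparing matters because the same address may appear with colons, hyphens or dots depending on which tool reported it.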

If you were on the list of affected users, then the hack is no longer a threat.  At the end of March 2019, the 2 hosted update servers where the attackers were using legitimate certificates to mask their packages were found and removed.  The Live Update software now available is safe to use.
