View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

ASUS Issues Fix for Backdoor, Points Finger at APT, Downplays Severity of Compromise

ASUS downplays major compromise of its servers

By CBR Staff Writer

Taiwanese computer maker ASUS has admitted its Live Update servers were breached by an as-yet unknown adversary and used to push a backdoor onto what Kaspersky Lab says may have been over a million devices.

In a belated response to the revelation, the company pointed late Tuesday to “national-level attack[s] usually initiated by a couple of specific countries” and released a a fix in the latest version of its Live Update software.

Only the version of Live Update used for notebooks was hijacked, it said, downplaying the incident and declining to mention or thank Kaspersky Lab for identifying the sophisticated attack: “Only a very small number of specific user group were found to have been targeted by this attack” the company said.

See also: ASUS Software Updates Put a Backdoor in up to 1 Million Computers: Kaspersky

ASUS said: “We have introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”

The company has also created an online security diagnostic tool to check for affected systems, and encouraged users to “run it as a precaution.”

It did not thank Kaspersky Lab for identifying the compromise.

Some users attempting to download that tool were warned by Windows Defender that the update itself was malicious.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

The breach was identified by Kaspersky Lab, which dubbed it “ShadowHammer”, Kaspersky Lab threat researchers say despite the breadth of the campaign between June and November 2018, the ASUS backdoor was meant to “surgically target” a limited number of users identified by network adapter MAC addresses.

“We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques. The reason that it stayed undetected for so long is partly due to the fact that the trojanized updaters were signed with legitimate certificates (eg: “ASUSTeK Computer Inc.”). The malicious updaters were hosted on the official liveupdate01s.asus[.]com and liveupdate01.asus[.]com ASUS update servers,” Kaspersky said.

The privately held Russian cybersecurity company is publishing a paper/presenting on the attack at the Security Analyst Summit 2019 in Singapore Training on April 7-8 and has suggested the attackers have pivoted to other targets.



Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.