
While the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in Singapore, we would like to share some important details about the attack.

In January 2019, we discovered a sophisticated supply chain attack involving the ASUS Live Update Utility. The attack took place between June and November 2018 and according to our telemetry, it affected a large number of users.

ASUS Live Update is a utility that is pre-installed on most ASUS computers and is used to automatically update certain components such as BIOS, UEFI, drivers and applications. According to Gartner, ASUS is the world’s 5th-largest PC vendor by 2017 unit sales. This makes it an extremely attractive target for APT groups that might want to take advantage of their userbase.

Based on our statistics, over 57,000 Kaspersky users have downloaded and installed the backdoored version of ASUS Live Update at some point in time. We are not able to calculate the total count of affected users based only on our data; however, we estimate that the real scale of the problem is much bigger and is possibly affecting over a million users worldwide.

The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list.

We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques. The reason that it stayed undetected for so long is partly due to the fact that the trojanized updaters were signed with legitimate certificates (e.g. “ASUSTeK Computer Inc.”).
Kaspersky Labs revealed today that an unidentified threat actor modified the Asus Live Update Utility to gain access to target devices. The security firm said this attack, which it dubbed Operation ShadowHammer, “seems to be one of the biggest supply-chain incidents ever,” after the CCleaner attack of 2017.

The researchers said that someone modified the Asus Live Update Utility, added a back door and then distributed it via official channels. This malicious version of the tool was hosted on the Asus update server and signed with a legitimate certificate. It also had the same file size as the official version of the utility.

All those precautions made the malicious version of the Asus Live Update Utility incredibly difficult to detect. (Kaspersky managed it, though, which is why disclosures like these are also thinly veiled advertisements.) The company said it detected the malware on 57,000 devices but estimated that 1 million were affected.

Yet, the unidentified threat actor only appeared to be interested in a very small subset of those devices: Kaspersky said they “targeted only 600 specific MAC addresses, for which the hashes were hardcoded into different versions of the utility.” That means as many as 1 million people were compromised to target just 600.

The supply chain attack was first reported by Motherboard, which said it sent Asus three emails about Kaspersky’s findings but hasn’t received a response. The outlet noted that Symantec confirmed Kaspersky’s findings and offered more details about how the researchers were finally able to uncover this attack.

Kaspersky said that “the same techniques were used against software from three other vendors” and added that it notified them about the attack, but it didn’t say who the vendors are or how they responded.
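Because the targets were selected by a hardcoded list of MAC address hashes, a defender holding such a list can check an asset inventory for machines that were on it. The sketch below is an added example, not code from Kaspersky or ASUS. The page does not say which hash algorithm or byte encoding was used, so both are assumptions here, and the hostnames, addresses and digests are constructed sample data.

```python
import hashlib
import re

# Assumption: the digest is taken over the raw 6-byte address. The algorithm
# is a parameter and must match the indicator feed; the default is a placeholder.
def normalize_mac(text):
    """Return the 6 raw bytes of a MAC written as aa:bb.., AA-BB.. or aabb.ccdd.eeff."""
    digits = re.sub(r"[:\-.\s]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(digits)

def mac_digest(mac, algorithm="sha256"):
    """Hex digest of the normalized address, lower case."""
    return hashlib.new(algorithm, normalize_mac(mac)).hexdigest()

def find_targeted_hosts(inventory, target_digests, algorithm="sha256"):
    """Map hostname -> sorted MACs whose digest appears in target_digests."""
    wanted = {d.strip().lower() for d in target_digests}
    hits = {}
    for host, macs in inventory.items():
        matched = []
        for mac in macs:
            try:
                if mac_digest(mac, algorithm) in wanted:
                    matched.append(mac)
            except ValueError:
                continue  # malformed inventory entry: skip it, keep scanning
        if matched:
            hits[host] = sorted(matched)
    return hits

# Constructed sample data (locally administered addresses, not real indicators).
SAMPLE_TARGET_DIGESTS = [
    mac_digest("02:00:5E:10:00:01"),
    mac_digest("02-00-5e-10-00-ff").upper(),  # feeds often mix hex case
]
SAMPLE_INVENTORY = {
    "ws-014": ["02:00:5e:10:00:01", "02:00:5e:10:00:02"],
    "ws-027": ["0200.5e10.00ff"],
    "ws-033": ["02:00:5e:10:00:03", "not-a-mac"],
}

if __name__ == "__main__":
    for host, macs in find_targeted_hosts(SAMPLE_INVENTORY, SAMPLE_TARGET_DIGESTS).items():
        print(host, macs)
```

A mismatch between the algorithm used here and the one behind the indicator list produces no hits rather than an error, so confirm the feed's format before treating an empty result as clean.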
