
ASUS Software Updates Used to Install ShadowHammer Backdoor

Kaspersky Lab researchers have made an alarming discovery. ASUS, one of the largest computer manufacturers, was used to install a malicious backdoor on customers' machines.




The installation took place last year after hackers compromised a server for the maker’s live software update tool. It appears that the malicious file was signed with legitimate ASUS certificates, making it look like an authentic software update issued by the company.

Malicious Backdoor Installed on Half a Million ASUS Computers

According to Kaspersky researchers, half a million Windows computers were affected by the malicious backdoor via the ASUS update server. It is curious to note that the attackers seem to have been interested in only about 600 of these systems, making this a targeted attack. The malicious operation used the machines’ MAC addresses to single them out. After the malware sneaked into a system, it communicated with the command-and-control server, which then installed more malware.

The attack was discovered in January, shortly after Kaspersky added a new supply-chain detection technology to its scanning tool. It appears that the investigation is still in progress, and the full results and a technical paper will be published during the SAS 2019 conference, Kaspersky said in their report, which revealed some technical details about the attack. The attack itself has been dubbed ShadowHammer.

The goal of the attack was to surgically target an unknown pool of users, which were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses in the trojanized samples and this list was used to identify the actual intended targets of this massive operation. We were able to extract more than 600 unique MAC addresses from over 200 samples used in this attack. Of course, there might be other samples out there with different MAC addresses in their list.


The researchers contacted ASUS and informed them about the attack on Jan 31, 2019, supporting their investigation with IOCs and descriptions of the malware. “We believe this to be a very sophisticated supply chain attack, which matches or even surpasses the Shadowpad and the CCleaner incidents in complexity and techniques,” the researchers said.
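Because targets were selected by MAC address, a defender who obtains a list of targeted addresses can compare it against an asset inventory. The sketch below is an added example, not code from Kaspersky or ASUS; it assumes the list arrives as plain MAC addresses in mixed notations, and all addresses and host names are constructed samples from the documentation range.

```python
import re

# Constructed sample indicator list (documentation-range MACs, not real IoCs).
SAMPLE_TARGET_LIST = """
# one MAC per line, any common notation
00:00:5E:00:53:01
0000.5e00.53af
"""

# Constructed sample inventory: (host name, adapter MAC as recorded).
SAMPLE_INVENTORY = [
    ("ws-014", "00-00-5e-00-53-01"),
    ("ws-015", "00:00:5E:00:53:7C"),
    ("lt-203", "00005E0053AF"),
    ("lt-204", "not-a-mac"),
]

_HEX12 = re.compile(r"^[0-9a-f]{12}$")


def normalize_mac(text):
    """Return the MAC as 12 lowercase hex digits, or None if malformed."""
    stripped = re.sub(r"[:\-.\s]", "", text.strip().lower())
    return stripped if _HEX12.match(stripped) else None


def load_targets(list_text):
    """Parse an indicator list, skipping blank lines and '#' comments."""
    targets = set()
    for line in list_text.splitlines():
        mac = normalize_mac(line.split("#", 1)[0])
        if mac:
            targets.add(mac)
    return targets


def match_inventory(inventory, targets):
    """Return (hits, malformed): hosts on the list and unparsable records."""
    hits, malformed = [], []
    for host, raw in inventory:
        mac = normalize_mac(raw)
        if mac is None:
            malformed.append((host, raw))  # review by hand, do not ignore
        elif mac in targets:
            hits.append((host, mac))
    return hits, malformed


if __name__ == "__main__":
    hits, malformed = match_inventory(
        SAMPLE_INVENTORY, load_targets(SAMPLE_TARGET_LIST))
    for host, mac in hits:
        print(f"TARGETED  {host}  {mac}")
    for host, raw in malformed:
        print(f"UNPARSED  {host}  {raw!r}")
```

Normalizing both sides before comparison matters because inventories and indicator feeds rarely agree on separator style or letter case, and an unparsed record is reported rather than silently treated as a non-match.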

Milena Dimitrova
