The attackers used stolen digital certificates to insert malicious code into the company’s live software-update system, which may then have installed back-doors on hundreds of thousands of personal computers, Kaspersky said in a report published online. The cybersecurity firm discovered the infiltration in January, which it dubbed Operation Shadowhammer and possibly ran from June to November last year. Nick Wu, a spokesman for Asus, said the company wasn’t immediately able to comment.
It’s unclear who the perpetrators were, or their motives. Cyber-attacks are on the rise globally as online information becomes increasingly valuable and connected devices proliferate. So-called supply-chain infiltration, in which attackers target the infrastructure of computer and device vendors, has become one of the most effective vectors for the spread of malware, Kaspersky said.
“The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base,” Vitaly Kamluk, director of global research and analysis team, APAC, said in the report, referring to hacking teams.
Asus is one of the world’s largest makers of PCs and devices from motherboards to computer displays, and is favored especially by gamers.
Shares of Asus rose 0.9 percent Taipei, paring their decline in the past 12 months to 19 percent. DM