Hackers have compromised an estimated 1 million computers produced by Taiwan-based technology company Asus with a secret backdoor, Motherboard reports.
The incident, discovered by cybersecurity firm Kaspersky Lab, began last year after the attackers hacked into an Asus server for the company’s live update tool. Dubbed “ShadowHammer,” the attack prompted users to install an update that was even signed with one of Asus’ digital certificates, intended to verify that an update is actually coming from the company.
Kaspersky was able to find the backdoor in January after developing a new method for detecting supply-chain attacks.
While the backdoor is believed to have been installed on the machines of as many as a million users, the attackers were only interested in 600 specific targets, although there are possibly more. Those targets were located by their MAC address, a unique identifier for the computer’s network adapter. If the malicious update scanned a victim computer and located one of those MAC addresses, secondary malware would be loaded onto the machine from a server controlled by the hackers.
“They were not trying to target as many users as possible,” Vitaly Kamluk, Asia-Pacific director of Kaspersky Lab’s Global Research and Analysis Team, told Motherboard. “They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting.”
Symantec, a U.S.-based cybersecurity firm, was also able to confirm Kaspersky’s discovery, adding that 13,000 of its own customers had been infected with the backdoor. Kaspersky says more than 57,000 of its customers have been affected as well.
Although Kaspersky says it alerted Asus to the issue in late January, the company has thus far failed to alert its customers.
Kaspersky has also released a free tool which can scan a user’s computer to determine if their MAC address was on the hackers’ target list.