Skip to main content

Shadowhammer attack didn't just hit Asus

(Image credit: Image source: Shutterstock/lolloj)

The Operation ShadowHammer supply chain attack which affected Asus last month may have affected more victims, Kaspersky has said.

Further investigation (opens in new tab) by the company's security researchers found that Asus wasn't the only company targeted. In fact, a total of six companies were infiltrated during the supply chain raid.

Among them, the reserachers said, are Electronics Extreme, Innovative Extremist and Zepetto. Besides them, the victims were a video gaming company, a congolmerate holding company and a pharmaceutical company, all from South Korea, yet unnamed.

The researchers are currently notifying the victims of the attack.

Researchers first noticed the attack in Asus' laptops. the ASUS Live Update Utility, a tool that comes preloaded with ASUS machines and is used to update BIOS, was infected. Hackers stole certificates used by ASUS to sign legitimate binaries, so the threat went undetected.

Researchers also claimed that, despite the fact that the malware was present in thousands of machines, only 600 were targeted. “The selected vendors are extremely attractive targets for APT groups that might want to take advantage of their vast customer base. It is not yet very clear what the ultimate goal of the attackers was and we are still researching who was behind the attack," said Vitaly Kamluk, Director of Global Research and Analysis Team, APAC, at Kaspersky Lab.

It seems as the number of affected companies may still rise.

Image source: Shutterstock/lolloj

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.