This week Kaspersky Lab disclosed that it had discovered an alarming back door hidden in Asus software.
The security firm went on to say that Asus had fallen victim to a supply chain attack in which miscreants had used its digital certificates to distribute compromised Asus software. The software reportedly compromised was the Asus Live Update Utility, which is used on many notebooks and PCs running Asus hardware.
What made the news particularly concerning was that 600 MAC addresses were targeted. If the malicious code encountered a matching MAC address, the second stage of the attack would take place.
Now, Asus has responded to the news.
“Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers,” writes Asus.
The mention of “national level attacks” and “specific countries” is odd given that any cybercriminal could have orchestrated a supply chain attack. Beyond that, Kaspersky Lab points to a cybercrime operation known as Barium as the responsible party, but qualifies this by saying that it’s unclear who exactly is behind this attack.
“ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed,” Asus continues.
The firm goes on to say that it has implemented a fix in version 3.6.8 of the Live Update Utility and that users should update to this latest version as soon as possible.
Asus adds that its server-to-end-user software has also been updated and strengthened to prevent attacks such as this in the future.