In a complex targeted espionage operation, hackers infected thousands of computers from the Taiwanese vendor ASUS with malicious software using the company's online automatic update service, security researchers reported Monday.
Kaspersky Lab said it detected 57,000 infections among customers of its antivirus software. It estimates that the operation likely affected more than 1 million computers from the world's No. 5 PC company.
The malware was designed to open a "backdoor" for intruders on the infected machines, researchers said.
Approximately 50 percent of the affected Kaspersky antivirus software customers were in Russia, Germany and France, the company said.
A Symantec spokeswoman said about 13,000 of its own antivirus customers received the malicious updates.
The so-called supply-chain attack was first reported by the online news site Motherboard.
Kaspersky said the infected software was on ASUS's Live Update servers from June to November and was signed with legitimate certificates. It did not detect the malware until January, when new capabilities were added to its antivirus software, the company said.
Kaspersky said its researchers determined that the malware was programmed for surgical espionage when they saw that it was designed to accept a second malware payload for specific computers, based on unique identifiers of their network connections. It identified more than 600 computers programmed to receive the payload.
In a blog post and answers to emailed questions, the company said the nature of the second malware payload was unknown because the server that delivered it was no longer active.
Kaspersky said that while it is too early to know who was behind the operation, it is consistent with a 2017 incident blamed by Microsoft on a Chinese state-backed group the company calls BARIUM.