“The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems thru their unique MAC address”
-
-
Prikaži ovu nit
-
Everyone talks about the dreaded nightmare of supply-chain attacks. This is what a real-world supply chain attack from a vendor’s server looks like.
Prikaži ovu nit -
"This attack shows that the trust model we are using based on known vendor names and validation of digital signatures cannot guarantee that you are safe from malware”
Prikaži ovu nit -
The researchers at
@kaspersky Lab believe it may be related to the CCleaner attack in 2017. Here’s their blog post about it with IOC’shttps://securelist.com/operation-shadowhammer/89992/ …Prikaži ovu nit -
ASUS told
@TheVerge it will issue a statement tomorrow. But the company should not have been caught flat-footed on this. I sent them four emails last week before story published.Prikaži ovu nit -
I should add that
@kaspersky Lab researchers contacted ASUS Jan 31 and met w/ ASUS in person Feb 14. The company insisted the hack didn’t happen. When Kaspersky offered to help them with forensic to show it did, ASUS wanted them to sign NDA. The company went silent after thatPrikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
Do u see any operational similarity with Stuxnet?
-
No. Is there a similarity you see in this?
- Još 2 druga odgovora
Novi razgovor -
-
-
Is the malicious code inside a bios update or is it from other software? OS level or firmware level malware?
-
It’s an update for the update took itself
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.