ASUS patches the Live Update software exploited in ‘Operation ShadowHammer’ campaign

• ASUS has come up with a security update to patch the Live Update software. The fix is implemented in the latest ASUS Live Update version 3.6.8.
• ASUS stated that only a small number of specific user group were targeted in the ‘Operation ShadowHammer’ attack.

What is the issue - Researchers from Kaspersky observed a campaign dubbed ‘Operation ShadowHammer’ that targets the supply chain by exploiting the backdoored version of ASUS Live Update Software.

What was the immediate action taken - Now, ASUS has come up with a security update to patch the Live Update software. The fix is implemented in the latest ASUS Live Update version 3.6.8.

• ASUS has introduced multiple security verification mechanisms to avoid any malicious manipulation in the form of software updates.
• ASUS has also updated its end-to-end encryption mechanism.
• The company has further enhanced its server-to-end-user software architecture to prevent future attacks.
• The company is also contacting the potentially affected users and providing assistance to ensure that the security risks are removed.
• ASUS has also developed an online security diagnostic tool to check for infected systems.
• It has requested affected users to run a backup of all files and restore their operating system to factory setting.

Worth noting

• ASUS stated that only a small number of specific user group were targeted in the ‘Operation ShadowHammer’ attack.
• The company noted that only the version of Live Update used for notebooks has been affected.

“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group,” ASUS stated.

This is a contrast to Kaspersky and Symantec's estimations. Kaspersky noted that the ‘Operation ShadowHammer’ campaign has impacted over 1 million users who have downloaded the backdoored ASUS Live Update Sofware on their systems.