Kaspersky: ShadowHammer supply-chain attack expands its targets to more organizations

Last month, Kaspersky found that the management software pre-installed on ASUS computers had been implanted with malware. The attack method was to embed malicious code into the ASUS software package in advance, so that the malware was distributed to thousands of computers along with the legitimate ASUS management program. This is the supply chain attack method we have often mentioned in recent years.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less-secure elements in the supply network. A supply chain attack can occur in any industry, from the financial sector and the oil industry to the government sector. Cybercriminals typically tamper with the manufacturing process of a product by installing a rootkit or hardware-based spying components. (via Wikipedia)

Kaspersky’s initial report mainly pointed out that the ASUS management program was infected with the malware, and that the software package, carrying the official ASUS digital signature, reached users through the update channel. After a more detailed investigation, Kaspersky “identified three further, previously unknown, victims, a videogame company, a conglomerate holding company, and a pharmaceutical company, all based in South Korea, which responded with a confirmation to the malware protocol, indicating compromised servers.”

It can be seen that attackers prefer game developers or software vendors with a large number of users, so as to infect more users through a single supply-chain attack. “The goal of the attack was to surgically target an unknown pool of users, who were identified by their network adapters’ MAC addresses. To achieve this, the attackers had hardcoded a list of MAC addresses into the trojanized samples and the list was used to identify the intended targets of this massive operation.”
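The MAC-based targeting described above suggests a simple host-side check a defender can run: normalize each local adapter's MAC address and compare it against the published target list. This is an added example, not Kaspersky's tool or code from the article; the target list below is a constructed placeholder (the real indicators are not on this page), and adapter enumeration reads Linux sysfs.

```python
import os
import re
from typing import Iterable

# Constructed placeholder standing in for the published ShadowHammer target MACs.
# Replace with the real indicator list from the vendor advisory before use.
TARGET_MACS_PLACEHOLDER = [
    "00-11-22-33-44-55",
    "aa:bb:cc:dd:ee:ff",
]


def normalize_mac(mac: str) -> str:
    """Reduce any common MAC notation (colons, dashes, dots, bare hex) to 12 lowercase hex chars."""
    hexdigits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return hexdigits


def local_macs_linux(sys_net: str = "/sys/class/net") -> list[str]:
    """Enumerate adapter MACs from sysfs; skips loopback and unreadable entries."""
    macs = []
    if not os.path.isdir(sys_net):
        return macs
    for iface in os.listdir(sys_net):
        try:
            with open(os.path.join(sys_net, iface, "address")) as f:
                addr = f.read().strip()
        except OSError:
            continue
        if addr and addr != "00:00:00:00:00:00":
            macs.append(addr)
    return macs


def matching_targets(local: Iterable[str], targets: Iterable[str]) -> list[str]:
    """Return the normalized local MACs that appear on the target list."""
    target_set = {normalize_mac(t) for t in targets}
    hits = {normalize_mac(m) for m in local if normalize_mac(m) in target_set}
    return sorted(hits)


if __name__ == "__main__":
    hits = matching_targets(local_macs_linux(), TARGET_MACS_PLACEHOLDER)
    print("matches:", hits or "none")
```

A match means the machine's adapter is on the attackers' list and warrants a full compromise assessment; no match does not prove the ASUS updater on that machine was clean.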