ASUS Responds to ShadowHammer APT Attacks by Playing Down the News

• ASUS says they didn’t inform anyone of ShadowHammer, because the number of victims is just too small.
• The company promises to have implemented additional security measures that will essentially prevent APT attacks from occurring in the future.
• Many questions still remain unanswered, as ASUS didn’t want the incident to go public anyway.

Following yesterday’s news about the “Operation ShadowHammer” that involved a large-scale backdoor planting operation which took advantage of ASUS’s update server and certification system infrastructure, the hardware manufacturer has responded with a reassuring post. According to the Taiwanese company, the malicious attackers targeted a very small and specific user group, leaving regular customers untouched, so their decision not to disclose the incident was based on that fact. Moreover, ASUS claims to have fixed the Live Update software that was used as the payload wagon by the attackers, with version 3.6.8 resolving all problems.

Secure your ASUS PC devices now! Download the latest version of Live Update tool to make sure your device is protected from any malicious programs. #cybersecurity #ASUS #ASUSLaptops https://t.co/h728NY6hb0 pic.twitter.com/tcqNdMx0db

— ASUS (@ASUS) March 26, 2019

ASUS claims to have implemented additional security verification mechanisms for their software updates, and also to have incorporated a new and stronger end-to-end encryption system that will make the work of malicious attackers harder. Moreover, they have updated and strengthened their server-to-end-user software architecture to make it impossible for similar attacks to be carried out in the future. For those who worry about the possibility of being one of the targets, ASUS has created a special diagnostic tool, although they do point out that the chances of being a target are extremely low. If you find that you are a target however, the designated action should be to back up your files and restore your OS to factory settings. This should be enough to remove the planted malware from your system.

Kaspersky Labs has made the revelation, after having informed ASUS of the ShadowHammer operation that took place last year, and after waiting for over two months for them to do something about it. It looks like ASUS wasn’t planning to let their customers know about this, as ZDNet reports that they even tried to have the Russian security researchers sign a non-disclosure agreement. Thankfully, Kaspersky acted ethically, and disclosed the story to the public, opening up the gates for regulatory agencies to revisit ASUS.

In the middle of all this, are the regular ASUS customers who have lost their trust to the vendor, and have a multitude of questions that still remain unanswered. For example, does the Live Update 3.6.8 renders you safe if the malware has been downloaded in the system through a previous version of the tool? How did the hackers manage to compromise ASUS update servers? How did they get their hands on the MAC addresses of the people who they wanted to target? How many people were actually impacted during the 2018 attacks?

As an ASUS customer, are you satisfied with the company’s official response? Let us know in the comments section below, and don’t forget to like and subscribe on our socials, on Facebook and Twitter.