The Maharashtra Cyber Department has issued an advisory warning users of ASUS, a reputed computer manufacturer that came under attack earlier this month.
Cyber police officers said the attack, named Operation ShadowHammer, affected the ASUS Live Update Utility, which automatically downloads updates for its systems and applications. Officials said the attack created back doors in the computers using a MAC address.
A Cyber police officer said, “The MAC address is a unique code used to connect a computer to a network. The trojans sent out by the perpetrators of Operation ShadowHammer had a table of MAC addresses preloaded in them and devices with matching MAC addresses were infected.” The officer said security experts had identified at least 600 MAC addresses encoded in the ShadowHammer trojans and the attack affected over one million devices.
To deal with the security risk posed by ShadowHammer, the Maharashtra Cyber Department, through its Twitter handle @MahaCyber1, put out a detailed advisory listing the steps to be taken to identify if a device has been infected by the malware. The advisory also linked to a tool, developed in collaboration with Kaspersky Lab, to guide owners of infected devices on the future course of action. The officer said, “Only ASUS Windows devices are believed to have been affected by the attack. The advisory has given every step in detail and can be followed easily.”
A Kaspersky official added, “According to our research, threat actors behind ShadowHammer have targeted users of ASUS Live Update Utility by inserting a back door over a period of several months [between June and November 2018]. We estimate the attack may have affected more than a million users worldwide. Kaspersky Lab reported the issue to ASUS in January.”
ASUS said that Advanced Persistent Threats are national-level attacks initiated by a couple of specific countries, targeting certain international organisations or entities instead of consumers.
The computer manufacturer said the ASUS Live Update Utility is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS.
‘In touch with users’
The firm said, “A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.”