New supply chain attack threatens hundreds of thousands of users worldwide

Kaspersky Lab has uncovered a new advanced persistent threat (APT) campaign that has affected a large number of users through what is known as a supply chain attack. Our research found that threat actors behind Operation ShadowHammer have targeted users of the ASUS Live Update Utility, by injecting a backdoor into it at least between June and November 2018. Kaspersky Lab experts estimate that the attack may have affected more than a million users worldwide.

A supply chain attack is one of the most dangerous and effective infection vectors, increasingly exploited in advanced operations over the last few years – as we have seen with ShadowPad or CCleaner. It targets specific weaknesses in the interconnected systems of human, organizational, material, and intellectual resources involved in the product life cycle: from the initial development stage through to the end user. While a vendor’s infrastructure can be secure, there could be vulnerabilities in its providers’ facilities that would sabotage the supply chain, leading to a devastating and unexpected data breach.