Mar 25, 2019

"Operation Shadowhammer" hacker group invades ASUS computers

A sophisticated group infected tens of thousands of ASUS brand computers with malware in a scheme to target a small handful of users, Kaspersky Lab reports. The attacks came through the official software update program ASUS Live Update Utility.

Why it matters: The operation, dubbed "Operation Shadowhammer," appears to come from a motivated, technologically adept threat: someone sophisticated enough to breach a major technology firm, patient enough to compile technical details about their intended victims to use during the attack and motivated enough to infect anyone updating their ASUS system to reach only a handful of victims.


  • Shadowhammer signed the malware it sent through the ASUS Live Update Utility using ASUS's security certificates, instructing computers to treat the malware as legitimate software updates. Companies treat certificate data as one of their most guarded secrets to prevent hackers from doing this.
  • Shadowhammer's malware checked whether a system it infected was on a pre-written list of around 600 computers it was specifically looking for, using unique identifiers in the networking hardware known as MAC addresses.
    • That means Shadowhammer had advance knowledge of the systems it most wanted to perform follow-up attacks against.

By the numbers: Kaspersky detected more than 57,000 different systems that tried to install the Shadowhammer malware. That number only includes the systems Kaspersky software protects.
