ASUS was not the only company targeted by supply-chain attacks during the ShadowHammer hacking operation as discovered by Kaspersky, with at least six other organizations having been infiltrated by the attackers.
As further found out by Kaspersky’s security researchers, ASUS’ supply chain was successfully compromised by trojanizing one of the company’s notebook software updaters named ASUS Live Updater which eventually was downloaded and installed on the computers of tens of thousands of customers according to experts’ estimations. The tampered with binaries were signed using a legitimate certificate which helped the attackers avoid breaking the digital signature and having the malicious updater flagged.
Among the similarities, they discovered that the ASUS samples and the newly found ones were both using very similar algorithms to calculate API function hashes, while the IPHLPAPI.dll was heavily used within all malware samples for various reasons. As in the ASUS case, the samples were using digitally signed binaries from three other Asian vendors: Electronics Extreme, authors of the zombie survival game called Infestation: Survivor Stories. Innovative Extremist, a company that provides Web and IT infrastructure services but also used to work in game development. Zepetto, the South Korean company that developed the video game Point Blank. Besides these three Asian gaming companies, Kaspersky was also able to find three other organizations which were successfully compromised, “another video gaming company, a conglomerate holding company and a pharmaceutical company, all in South Korea.”