Hackers Snuck Backdoors Into ASUS Software Updates, Infecting Thousands https://t.co/0Kf01FSBjR

— ZyroFoxtrot??⭐️⭐️⭐️ (@ZyroFoxtrot) March 26, 2019

I am often told I am unreasonably paranoid for doing so much work to mitigate supply chain attacks and pushing RISC-V and OpenPOWER. If you can't audit your hardware/firmware you should assume you are backdoored. First SuperMicro and now ASUS. Who is next? https://t.co/VloQztXZL7

— Lance R. Vick (@lrvick) March 26, 2019

ASUS, one of world’s largest computer makers, installed backdoor on thousands of customer computers last yr after hackers compromised its software update tool. The file was signed w/ ASUS digital certificates to make it look like authentic software update. https://t.co/ni17IEN6Tq

— Kim Zetter (@KimZetter) March 25, 2019

ASUS의 소프트웨어 업데이트 서버, ASUS Live Update 서버가 해킹되었습니다.

해커가 해당 서버에 침입해 수천대의 PC에 패치를 가장한 악성 멀웨어를 심었다고 카스퍼스키 랩이 밝혔습니다.

이는 메인보드는 물론 노트북, 데스크탑, 스마트폰, IoT까지 포함된다고 합니다.https://t.co/aMkYOr9s16

— Longhorni (@longhorn573) March 26, 2019

The always excellent @KimZetter on the ASUS software update attack. https://t.co/h8EPrsPTDX

— matt blaze (@mattblaze) March 26, 2019

This is absolutely insane. Hackers broke into an update server for laptop maker ASUS. The hackers then used it to push malware that looked like a legitimate ASUS update to thousands of computers. A golden supply chain attack leveraging update mechanisms https://t.co/tcq74Df6vg pic.twitter.com/AbRMhgteiq

— Joseph Cox (@josephfcox) March 25, 2019

Asus Live Updater was used in a big supply chain attack we dubbed Operation #ShadowHammer. We estimate this may have affected over 1 million computer users between June and Nov 2018. https://t.co/jTij3NwpSs

— Costin Raiu (@craiu) March 25, 2019

Automatic updates are a good idea... until the update software (or someone up in the supply chain) gets compromised. https://t.co/uuQpfSxa0L via @motherboard

— Alejandro Hevia (@ahevia) March 25, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers https://t.co/C4UP0Ek0mM

— Sami Laiho (@samilaiho) March 26, 2019

ASUS, the multi-billion dollar company, “was pushing the backdoor to customers for at least five months last year before it was discovered” FIVE MONTHS FIVE MONTHS https://t.co/0PZXdwzyD6

— jessie frazelle ??‍? (@jessfraz) March 26, 2019

Read this if you have #ASUS machine, and then go to https://t.co/9K5rSiUwJq and verify if your computer is affected.

This is the whole new level of shit ?#hacking #itsecurity #malware #shadowhammer #ASUSLiveUpdater @kaspersky https://t.co/gk95Vnso8o

— bl4de (@_bl4de) March 25, 2019

How to check if your Asus PC was hit by a malicious update: https://t.co/1stajaupSc pic.twitter.com/hQu3JuWLOH

— PCMag (@PCMag) March 26, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers https://t.co/cW1cAefqIb

— Ronald Prins (@cryptoron) March 25, 2019

Automatic updates are security holes.

"The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems."https://t.co/M6l6nBfTy6

— Matt Odell (@matt_odell) March 26, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers https://t.co/8GJ4e1Nm4a

— Anonymous Hispano (@anonopshispano) March 26, 2019

Bravo Asus ! Une bonne raison de virer systématiquement tous les bloatware des PC portables... - Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers https://t.co/A9qPH1QOQm

— Doc TB (@d0cTB) March 25, 2019

Yet another beautiful supply chain attack. Why beautiful? It's an exploitation of a fundamental system of trust that remains implicitly trusted. A security problem for which no fundamental solutions exist poses an exciting opportunity! https://t.co/3B5C7zxJfc

— Matt Graeber (@mattifestation) March 25, 2019

If you blindly trust in digitally signed vendor software or even file reputation, think twice & open your eyes to the reality. Supply-chain attacks like #ShadowHammer make zero trust architectures & out-of-band detection more relevant & practical than ever https://t.co/GTMdD1AQaq pic.twitter.com/G7xrwyhQWT

— Ismael Valenzuela (@aboutsecurity) March 26, 2019

Holy supply chain attack batman!@kaspersky found that attackers compromised ASUS and used their live update tool to install digitally signed malware, disguised as updates. Zero trust computing is starting to make more and more practical sense.https://t.co/vJDDLpljWZ

— Jake Williams (@MalwareJake) March 25, 2019

Proof that we as IT Admins need to stay on our toes. Hackers Snuck Backdoors Into ASUS Software Updates, Infecting Thousands<em></em> https://t.co/KZ4JNApTYg via @gizmodo

— Nick the IT Ninja (@NicktheITNinja) March 26, 2019

ASUS is believed to have pushed the #malware to hundreds of thousands of customers through its trusted automatic software update tool after #hackers compromised the company’s server and used it to push the malware to machines?https://t.co/R85J1he1Kx#CyberSecurity|#InfoSec pic.twitter.com/L1hZrgVsNr

— GTI Computers Ltd (@GTIComputersLtd) March 26, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computershttps://t.co/2voRyS2ZxL

Kaspersky - Operation ShadowHammerhttps://t.co/RqeommRn0E#BARIUM #Winnti #Asus

— Florian Roth (@cyb3rops) March 25, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers. #Cybersecurity #Cybercrime #Cyberattacks #Hackers #Hacking #Malware https://t.co/ppGpNP7kOG via @motherboard

— Aghiath chbib (@AghiathChbib) March 26, 2019

Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers https://t.co/K3q6A1U9Jc

— Rickey Gevers (@UID_) March 25, 2019

ASUS, a Taiwan-based tech giant, “was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool.” https://t.co/p7fQnsx7fu

— 4iQ Delve Deep (@4iQ) March 26, 2019

If you have any Asus computers, you need to read this now: https://t.co/rpE7RP4NhX

— Corey Nachreiner (@SecAdept) March 25, 2019

"“ASUS was one of the primary targets of the CCleaner attack. One of the possibilities we are taking into account is that’s how they intially got into the ASUS network and then later through persistence they managed to leverage the access” https://t.co/DSyyxvi2BF

— François Lesueur (@FLesueur) March 26, 2019

How to check if your Asus computer was hit by a malicious update: https://t.co/1stajaupSc pic.twitter.com/VFJvUHmrh9

— PCMag (@PCMag) March 27, 2019