ASUS Responds to ShadowHammer APT Attacks by Playing Down the News

Last updated May 26, 2021
Written by:
Bill Toulas
Cybersecurity Journalist

Following yesterday’s news about “Operation ShadowHammer”, a large-scale backdoor-planting operation that took advantage of ASUS’s update server and certification system infrastructure, the hardware manufacturer has responded with a reassuring post. According to the Taiwanese company, the attackers targeted a very small and specific user group, leaving regular customers untouched, and its decision not to disclose the incident was based on that fact. Moreover, ASUS claims to have fixed the Live Update software that the attackers used to deliver the payload, with version 3.6.8 resolving all problems.

ASUS claims to have implemented additional security verification mechanisms for its software updates, and to have incorporated a new and stronger end-to-end encryption system that will make the work of attackers harder. The company also says it has updated and strengthened its server-to-end-user software architecture to make it impossible for similar attacks to be carried out in the future. For those who worry about being one of the targets, ASUS has created a special diagnostic tool, although it points out that the chances of being a target are extremely low. If you find that you are a target, however, the designated action is to back up your files and restore your OS to factory settings. This should be enough to remove the planted malware from your system.

Kaspersky Lab made the revelation after informing ASUS of the ShadowHammer operation that took place last year, and after waiting for over two months for the company to do something about it. It looks like ASUS wasn’t planning to let its customers know about this, as ZDNet reports that it even tried to have the Russian security researchers sign a non-disclosure agreement. Thankfully, Kaspersky acted ethically and disclosed the story to the public, opening the door for regulatory agencies to revisit ASUS.

In the middle of all this are the regular ASUS customers, who have lost their trust in the vendor and have a multitude of questions that remain unanswered. For example, does Live Update 3.6.8 render you safe if the malware was downloaded to the system through a previous version of the tool? How did the hackers manage to compromise ASUS update servers? How did they get their hands on the MAC addresses of the people they wanted to target? How many people were actually impacted during the 2018 attacks?



