U.S. Markets open in 7 hrs 10 mins

Hackers created a secret backdoor in 'hundreds of thousands' of Asus computers using software update

Olivia Feld
A cyber security firm has described the ASUS hack as a “one of the biggest supply-chain attacks ever.” - REUTERS

Leading computer maker ASUS suffered a cyber attack that allowed hackers to send malware to more than 50,000 customers, researchers claim.

After compromising the Taiwan-based tech company's server, the hackers made it appear as though ASUS was sending legitimate software updates to its users that were laden with malicious software, according to a cyber security firm.

Kaspersky Lab is describing the ASUS hack as a “one of the biggest supply-chain attacks ever.”

It is unclear who is behind the attack on the ASUS Live Update Utility but it was discovered by Kaspersky through its antivirus software, which is installed on tens of thousands of ASUS computers.

Kaspersky recorded 57,000 infected ASUS laptops but estimated that the update was likely distributed to one million. It appeared that the attackers were only targeting about 600 specific machines, it added.

One of the world’s largest PC vendors, ASUS manufactures desktop computers, laptops and mobile phones.

The malware went undetected for several months because it used legitimate ASUS signatures and looked authentic to those who received a notification telling them to update their computer.  

Kaspersky claims that ASUS sent the "backdoor" to customers for at least five months last months last year before it was discovered. The researchers first discovered the cyber-attack, which took place between June and November last year, in January. It says that it has notified Asus and that its investigation is ongoing. The hack was first reported by Motherboard.

Moscow-based Kaspersky was once one of the most popular antivirus and computer security providers, but last year was banned from use on US and UK government computers and taken off supermarket shelves after the US accused it of providing its own backdoors from US computers to the Kremlin.

In 2017, the US said that confidential files containing classified information had been saved on Kaspersky’s servers in Russia.

ASUS has not responded to a request for comment.