Hello Tenable Community,

Motherboard has reported a supply chain attack on ASUS computers dubbed Operation ShadowHammer.

Motherboard reports:

"...ASUS was used to unwittingly install a malicious backdoor on thousands of its customers’ computers last year after attackers compromised a server for the company’s live software update tool. The malicious file was signed with legitimate ASUS digital certificates to make it appear to be an authentic software update from the company, Kaspersky Lab says."

It appears as though the attackers have a preset list of MAC addresses they were looking to infect, and those devices were the targets of this operation. It's unknown at this time whom the intended targets might be.

Kaspersky has created a dedicated search page for users to see if they were affected based on a list of targeted MAC addresses.

Users can also use YARA based scanning with available YARA rules like this one to scan their systems for any potential infection. For a full guide in using YARA based scanning, please visit our blog here.

Tenable will continue to monitor the situation for any updates.