Last year, a group of hackers compromised the Live Update tool for Asus computers, using it as a vehicle to distribute malware to nearly one million Asus users that were simply attempting to update their systems. While the scope of this particular attack was already significant, it now appears that it was not an isolated incident, as security firms Kaspersky and ESET have connected it to yet another attack, which targeted three video game developers.
It has recently been revealed that the hackers behind the Asus attack additionally targeted the Microsoft Visual Studio development tool. This allowed these hackers to plant malware in the games of three developers that were using a corrupted version of the tool, which, in turn, led to the verified infection of 92,000 computers. To note, both Kaspersky and ESET indicate that the total number of infected systems is likely to be much higher than this verified figure.
While one of the developers involved in the attack has not yet been publicly identified, two have: Electronics Extreme and Zepetto. So too, the names of two of the infected games have been revealed as the unfortunately-titled Infestation from Electronics Extreme and PointBlank from Zepetto.
Notably, the verified infections are almost all on systems located in Asia, with ESET indicating that the bulk of these corrupted computers were in Thailand. Furthermore, it has been stated that the malware was designed to be nonfunctional on systems using Simplified Chinese, lending credence to some security researchers’ belief that the hackers behind these supply chain attacks are located in mainland China.
What makes the attack against the three developers so nefarious is that the corruption occurred prior to the distribution of the games in question. This resulted in the developers marking the software as legitimate, through digital signatures, despite the included malware. In Wired’s report on the attack, it is noted that this goes a step beyond what occurred with Asus, where the hackers had to utilize an infected Asus server to sign the compromised update files themselves.
The report from Wired further notes that Kaspersky‘s Vitaly Kamluk believes that “there are many software developers out there who are completely unaware of this potential threat.” As such, if game developers do not make fundamental changes to how supply chain attacks are identified, further corruptions of this nature are a very real possibility.
Source: Wired
