Leading computer maker ASUS suffered a cyber attack that allowed hackers to send malware to more than 50,000 customers, researchers claim.
After compromising the Taiwan-based tech company's server, the hackers made it appear as though ASUS was sending legitimate software updates to its users that were laden with malicious software, according to a cyber security firm.
Kaspersky Lab is describing the ASUS hack as a “one of the biggest supply-chain attacks ever.”
It is unclear who is behind the attack on the ASUS Live Update Utility but it was discovered by Kaspersky through its antivirus software, which is installed on tens of thousands of ASUS computers.
Kaspersky recorded 57,000 infected ASUS laptops but estimated that the update was likely distributed to one million. It appeared that the attackers were only targeting about 600 specific machines, it added.
One of the world’s largest PC vendors, ASUS manufactures desktop computers, laptops and mobile phones.
The malware went undetected for several months because it used legitimate ASUS signatures and looked authentic to those who received a notification telling them to update their computer.
Kaspersky claims that ASUS sent the "backdoor" to customers for at least five months last months last year before it was discovered. The researchers first discovered the cyber-attack, which took place between June and November last year, in January. It says that it has notified Asus and that its investigation is ongoing. The hack was first reported by Motherboard.