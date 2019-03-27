Bloomberg

Asustek Computer Inc (華碩) rejected a cybersecurity firm’s estimate that a sophisticated attack last year might have infected more than 1 million users of its devices, saying that only several hundred PCs were infiltrated.

Kaspersky Lab in a report said that attackers used stolen digital certificates to insert malicious code into the Taiwanese PC giant’s live software-update system, which might then have installed backdoors on computers.

It discovered the infiltration in January, which it dubbed Operation Shadowhammer and said that it possibly ran from June to November last year.

However, Asus spokesman Nick Wu (吳長榮) said that the attacks affected only several hundred devices.

The company had since helped customers fix the problem, patched the vulnerability and updated their servers, Asus said in a separate statement.

It is unclear who the perpetrators were or what their motives might have been.

Cyberattacks are on the rise globally as online information becomes increasingly valuable and connected devices proliferate.

So-called supply-chain infiltration, in which attackers target the infrastructure of computer and device vendors, has become one of the most effective vectors for the spread of malware, Kaspersky said.

“The selected vendors are extremely attractive targets for APT [advanced persistent threat] groups that might want to take advantage of their vast customer base,” Vitaly Kamluk, director of global research and analysis team APAC, said in the report, referring to hacking teams.