18 votes

A trojanized version of the ASUS Live Update Utility was signed and hosted on the official server and distributed to an estimated 1 million users

3 comments

  1. ggnore
    Link
    “They were not trying to target as many users as possible,” said Kamluk. “They wanted to get into very specific targets and they already knew in advance their network card MAC address, which is quite interesting.”

    600 specific MAC addresses, that's very interesting.

    4 votes
  2. hereticalgorithm
    (edited)
    Link
    An update from Kaspersky Labs. Most notably:

    Although precise attribution is not available at the moment, certain evidence we have collected allows us to link this attack to the ShadowPad incident from 2017. The actor behind the ShadowPad incident has been publicly identified by Microsoft in court documents as BARIUM. BARIUM is an APT actor known to be using the Winnti backdoor. Recently, our colleagues from ESET wrote about another supply chain attack in which BARIUM was also involved, that we believe is connected to this case as well.

    Looking up BARIUM & Winnti gets me this report from ProtectWise's research group, which claims BARIUM is under the umbrella of Chinese state intelligence actors. Also, as for the 600 MACs targeted:

    Initial attack targets are commonly software organizations in the United States, Japan, South Korea, and China. Later stage high profile targets tend to be political organizations or high-value technology companies.

    4 votes