ZDNet reported recently that ASUS computers running Windows 10 were targeted by APT (advanced persistent threat) attacks being called Operation ShadowHammer. These APT attacks are known to leverage a less known vulnerability and keep using it for a long time. According to ASUS, these APT attacks are initiated by a couple of rogue countries. In this case, these APT attacks abused some vulnerabilities present in an older version of ASUS Update Tool that comes installed on ASUS computers. ASUS has already released an update to the Live Update tool.
If you want to know whether you were affected by the ASUS ShadowHammer hack, then there are two tools available – one is released by Russian security giant Kaspersky and the second is by ASUS.
1. Check Using Kaspersky ShadowHammer Check Tool
- Press Win+R, type cmd and press Enter to open command prompt. Alternatively, you can press Win+X and then select Command Prompt from the menu.
- In the command prompt, type ipconfig /all and press Enter. Note down the Physical Address (also known as the MAC address) for all the adaptors that have a network connection (for which “Media disconnected” is not being displayed).
- Visit https://shadowhammer.kaspersky.com/ in your web browser. Copy-paste or type in the “Physical Address” you noted down in the second step and click on Check Now button.
- In a few seconds, it will display the results and show you if you were affected by the ShadowHammer hacking attack or not. If you were affected, then you should restore Windows back to factory settings or contact ASUS for further help.
2. Check Using ASUS Diagnostic Tool
- Visit https://www.asus.com/News/hqfgVUyZ6uyAyJe1 and download the ASUS Diagnostic Tool. You can also get the version 1.0.10 of the tool through the direct link – https://dlcdnets.asus.com/pub/ASUS/nb/Apps_for_Win10/ASUSDiagnosticTool/ASDT_v1.0.1.0.zip
- Extract the contents of ZIP file to a folder and double-click on the ASDT.EXE file.
- In a few seconds, it will display whether your computer was affected or not.
For more information about the Operation ShadowHammer attack against the ASUS computers, you can read Kaspersky’s SecureList article at https://securelist.com/operation-shadowhammer/89992/.
ASUS tool said it is only for ASUS machines, apparently an ASUS motherboard doesn’t count
I guess it works for ASUS branded computers and notebooks.