Clandestine Hunter : Two Strategies for Supply Chain Attack

Abstract

In January 2019, Kaspersky discovered the ASUS supply chain attack and called it Operation ShadowHammer, conducted by the BARIUM APT group.
Since 2010, the BARIUM APT group has targeted game and software development companies around the world. This group has attempted advanced and intelligent cyber attacks, mainly using the ‘winnti’ and ‘PlugX’ malware.

The Korea Internet & Security Agency (KrCERT/CC) analyzed several supply chain attacks in the Republic of Korea, and we confirmed the relationship between the ASUS incident and the supply chain attacks in Korea.

We will talk about the supply chain attack TTPs of the BARIUM group.

This group used two strategies for supply chain attacks:
1. Compromise the SW development environment.
2. Compromise update servers.

LOCATION: TRACK 1

DATE: July 26, 2020

TIME: 03:00 PM - 04:00 PM (GMT +8)

Byeongjae Kim
Taewoo Lee
