Chronicle of the Supply Chain Attack and Two Attack Strategies
The attacker group involved in ASUS incident is actively targeting companies in specific countries as well as global companies. KrCERT analyzed various supply chain attacks targeting Korean companies, and confirmed artifacts, malware code similarities. In addition, the team identified two strategies for supply chain attack (SW development environment penetration, update server penetration).