Supply chain
β Supply Chain
Webstorage users Third-Party Breach (May 2019)
Primary Source βIncident Details
ASUS WebStorage abused to spy on users at the router level. Vulnerable software is potentially facilitating surveillance and data theft. The ASUS WebStorage system is being actively abused to perform Man-in-The-Middle (MiTM) attacks, researchers say. ESET researcher Anton Cherepanov published a report detailing attack vectors related to WebStorage, ASUS’s cloud storage service, on Tuesday. Third-party company: ASUS Webstorage.
Technical Details
- Initial Attack Vector
- Compromise of third-party service provider / vendor relationship
- Vendor / Product
- ASUS Webstorage
- Supply Chain Attack
- β Confirmed third-party / vendor compromise
Timeline
- 2019-05-01 Breach occurred
- 2019-05-14 Publicly disclosed