The ASUS supply chain attack discovered by @kaspersky and outlined in this @motherboard article is a great example of why traditional signature-based AV is NOT a defense against advanced threats. The first stage payload was only targeting about 600 machines. 1/6
And the machines were being targeted by MAC address. We don't know how the attackers came to learn the MAC addresses of the machines they were targeting - MAC addresses aren't exposed over the Internet. I'm honestly more interested in the targeting than the ASUS compromise. 2/6
So how did attackers get MAC addresses for targeting? A few ideas: 1. Previous supply chain attacks linking a particular ASUS machine to a given user. 2. Close-access wireless surveys. Would love to know if these MAC addresses are for wireless adapters. 3/6
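The thread says the first stage was gated on MAC address and asks whether the targeted addresses belong to wireless adapters. The block below is an added example written for this page, not code from the thread, from Kaspersky, or from the ASUS incident: it shows the gate a first-stage loader could apply so that only hosts on an embedded list go on to the next stage, and the defender-side triage that checks a host's adapters against that list and classifies each by OUI. The target list, the use of SHA-256 fingerprints instead of raw addresses, and the OUI table are all assumptions; the prefixes and vendor labels are placeholders, not real IEEE assignments.

```python
"""
MAC-address gating from both sides: the check a stage-one loader could use to
detonate only on listed hosts, and a defender's check of the same list.
Added example; hash-based matching, the target list and the OUI table are
assumptions made for illustration.
"""
import hashlib


def normalize_mac(mac: str) -> str:
    """Canonical form: 12 lowercase hex digits, colon-separated.
    Accepts 00:11:22:33:44:55, 00-11-22-33-44-55 and 001122334455."""
    digits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def oui(mac: str) -> str:
    """First three octets: the vendor prefix that answers 'whose NIC is this?'"""
    return normalize_mac(mac)[:8]


def is_locally_administered(mac: str) -> bool:
    """U/L bit (0x02 of the first octet) set means a randomized or
    admin-assigned address. A list built from burned-in addresses, as a
    supply-chain attacker would harvest, can never match one of these."""
    first_octet = int(normalize_mac(mac)[:2], 16)
    return bool(first_octet & 0x02)


def mac_fingerprint(mac: str) -> str:
    """Assumption for the example: targets ship as SHA-256 of the canonical
    MAC, so the list can be embedded without exposing the addresses."""
    return hashlib.sha256(normalize_mac(mac).encode()).hexdigest()


# Constructed target list (not the real one): fingerprints of two made-up MACs.
TARGET_FINGERPRINTS = frozenset(
    mac_fingerprint(m) for m in ("00:11:22:33:44:55", "A4-77-88-99-AA-BB")
)


def first_targeted_mac(host_macs, targets=TARGET_FINGERPRINTS):
    """The attacker-side gate: return the first adapter whose fingerprint is
    on the list, else None. Unparseable entries are skipped, never matched."""
    for mac in host_macs:
        try:
            canon = normalize_mac(mac)
        except ValueError:
            continue
        if mac_fingerprint(canon) in targets:
            return canon
    return None


# Constructed OUI table standing in for an IEEE registry lookup; placeholders only.
OUI_TABLE = {
    "00:11:22": "Example Board Vendor (onboard Ethernet)",
    "a4:77:88": "Example WLAN Chipset Vendor",
}


def triage_host(host_macs, targets=TARGET_FINGERPRINTS, oui_table=OUI_TABLE):
    """Defender-side view: one record per adapter saying whether it is on the
    list, whether it is a burned-in address, and who made it per the OUI."""
    report = []
    for mac in host_macs:
        try:
            canon = normalize_mac(mac)
        except ValueError:
            report.append({"mac": mac, "error": "unparseable"})
            continue
        report.append({
            "mac": canon,
            "targeted": mac_fingerprint(canon) in targets,
            "locally_administered": is_locally_administered(canon),
            "vendor": oui_table.get(canon[:8], "unknown OUI"),
        })
    return report


if __name__ == "__main__":
    # Constructed adapter list, in the mixed formats `getmac` or `ip link` emit.
    sample = ["00-11-22-33-44-55", "02:00:00:ab:cd:ef", "not-a-mac"]
    hit = first_targeted_mac(sample)
    print("second stage would fire on" if hit else "host not on list", hit)
    for row in triage_host(sample):
        print(row)
```

To run the triage against a real machine, feed `triage_host` the addresses from `getmac` (Windows) or `ip link` (Linux); a real check would swap `OUI_TABLE` for the IEEE OUI registry, which is what would settle the thread's question of whether the listed addresses are ASUS-branded parts or third-party wireless chipsets.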
Replying to @MalwareJake
I’m going with #1 since the attackers clearly had access to Asus’ infrastructure already

Mar 25, 2019 · 3:00 PM UTC

Replying to @hal_pomeranz
Agree, but if some MAC addresses aren't ASUS, then the story changes a little.