Operation ShadowHammer
0 incidents
0 countries
0 sectors
apt CN Last: -
Operation ShadowHammer was a state-sponsored supply chain attack identified by Kaspersky in January 2019, involving the trojanization of the ASUS Live Update Utility, software that comes pre-installed on ASUS computers. This operation, active from June to November 2018, leveraged legitimate digital signatures and official ASUS servers to distribute backdoored updates, potentially affecting over a million users globally. Its primary motivation was espionage, aimed at surgically implanting backdoors for data collection or further compromise on a highly specific set of targets, identified through a unique mechanism of hardcoded MAC addresses. This precise targeting of a few hundred specific systems amid a mass infection of a popular vendor's software sets Operation ShadowHammer apart, exemplifying a supply chain compromise that exploited trust in a major hardware manufacturer. The group behind it is assessed with high confidence to be BARIUM, a Chinese-speaking threat actor also linked to ShadowPa
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Target sectors (SOCRadar)
Information Services, Telecommunications, Software Publishers, Computer Systems Design Services