motherboard.vice[.]com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
securelist[.]com/operation-shadowhammer/89992/
kaspersky[.]com/about/press-releases/2019_operation-shadowhammer-new-supply-chain-attack
Big News!
This is perhaps the worst sort of attack or compromise possible... Malware was signed using stolen certificates so it appears legitimate to Windows etc. That malware was then delivered by legitimate update software &/or services. Users for the most part could not protect themselves. While ASUS has been confirmed as a target, 3 other *undisclosed* companies with large customer bases were also compromised in a similar fashion.