Operation ShadowHammer was a classic backdoor attack: It breached victims' networks and installed programs to enter and exit the network at will. It's also an example of a supply chain attack, which targets the less secure elements of a company's supply chain network, such as software vendors and third-party suppliers.
To carry out the attack, the hackers altered an old version of the Asus Live Update Utility and distributed their modified build to Asus computers around the world. The software looked legitimate: It was signed with legitimate Asustek certificates, it was hosted on official update servers, and it was even the same file size as the genuine utility. Once planted, the backdoor gave the attackers control of the target computers through remote servers, letting them install additional malware.
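The incident above is why update pipelines should pin a per-release hash rather than trust signer identity and file size alone. The following is an added illustration (not code from the article or from Asus): constructed byte strings stand in for the genuine and trojanized updater, the manifest values and the `Artifact` type are assumptions, and the signer field represents the subject name a separate signature-validation step would already have reported.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Artifact:
    name: str
    data: bytes
    signer: str  # signer subject as reported by a prior signature check


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def patch_same_length(data: bytes, old: bytes, new: bytes) -> bytes:
    """Replace one region with a same-length region so the size is unchanged."""
    if len(old) != len(new) or data.count(old) != 1:
        raise ValueError("replacement must be same length and occur exactly once")
    return data.replace(old, new, 1)


# Constructed stand-in for the genuine updater (a real build would be megabytes).
GENUINE = b"ASUS-LIVE-UPDATE|update-server=https://liveupdate.example/|OK"
# Constructed stand-in for a trojanized build: same size, would carry the same
# legitimate signature, but the content differs.
TROJANIZED = patch_same_length(GENUINE, b"update-server", b"altered-bytes")

# Constructed release manifest pinning the hash of the build that was actually shipped.
MANIFEST = {
    "Setup.exe": {"sha256": sha256_hex(GENUINE), "size": len(GENUINE),
                  "signer": "ASUSTeK Computer Inc."},
}


def size_and_signer_only(art: Artifact, manifest: dict) -> str:
    """The weak policy: trusts a valid vendor signature plus the expected size."""
    exp = manifest.get(art.name)
    if exp is None:
        return "not-in-manifest"
    if art.signer != exp["signer"]:
        return "unexpected-signer"
    if len(art.data) != exp["size"]:
        return "size-mismatch"
    return "ok"


def verify(art: Artifact, manifest: dict) -> str:
    """The pinned policy: same checks, then the content hash must match the pin."""
    verdict = size_and_signer_only(art, manifest)
    if verdict != "ok":
        return verdict
    if sha256_hex(art.data) != manifest[art.name]["sha256"]:
        return "hash-mismatch"
    return "ok"
```

Run against `TROJANIZED`, the weak policy returns `ok` while the pinned policy returns `hash-mismatch`, which is the detection gap the incident exploited.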
Wired traces the attacks back to a Chinese hacker group known as Barium. Barium is known to deploy advanced persistent threat attacks, which often remain undetected well after the initial infection.