嗯,用户让我帮忙总结一下这篇文章的内容,控制在100个字以内,而且不需要用“文章内容总结”之类的开头,直接写描述就行。好的,我先看看文章讲了什么。 文章主要讲的是ASUS确认第三方供应商被黑客入侵, Everest 勒索软件团伙泄露了数据,并声称还入侵了ArcSoft和Qualcomm。ASUS表示,这次事件暴露了一些手机摄像头的源代码,但没有影响到产品、内部系统或用户数据。公司正在加强供应链的安全措施。 接下来,Everest团伙在他们的Tor网站上发布了ASUS的数据,并详细列出了泄露的信息内容,包括源代码、AI模型、测试视频等。他们声称窃取了1TB的数据,并发布了部分被盗文件的图片作为证据。 专家指出,源代码的泄露意味着有人现在掌握了关键硬件的工作蓝图,这可能被用来发现可利用的漏洞。这不仅影响ASUS的产品,还可能成为攻击驱动程序、固件或其他集成系统的入口。 好的,现在我需要把这些信息浓缩到100字以内。要抓住关键点:ASUS供应商被黑、Everest团伙泄露数据、涉及ArcSoft和Qualcomm、泄露源代码但未影响产品和用户数据、专家警告潜在漏洞风险。 然后组织语言,确保流畅且信息完整。比如:“ASUS确认第三方供应商遭黑客入侵,Everest团伙泄露数据并声称入侵ArcSoft和Qualcomm。此次事件暴露部分手机摄像头源代码,但未影响产品及用户隐私。专家警告称,源代码泄露可能引发潜在安全风险。” 检查一下字数是否在100字以内,并且没有使用开头模板。看起来符合要求。 </think> ASUS确认第三方供应商遭黑客入侵, Everest团伙泄露数据并声称入侵ArcSoft和Qualcomm。此次事件暴露部分手机摄像头源代码,但未影响产品及用户隐私。专家警告称,源代码泄露可能引发潜在安全风险。 2025-12-4 15:53:1 Author: securityaffairs.com(查看原文) 阅读量:6 收藏
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
Pierluigi Paganini
December 04, 2025
ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm.
ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm.
ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or user data. The company is reinforcing supply-chain security.
“An ASUS supplier was hacked. This affected some of the camera source code for ASUS phones. This incident has not impacted ASUS products, internal company systems, or user privacy.” reads the company’s statement. “ASUS continues to strengthen supply chain security in compliance with cybersecurity standards. “
On December 2nd, 2025, the Everest ransomware group added ASUS to its Tor data leak site, below is the message published by the group:
“The files include data from ASUS, ArcSoft, Qualcomm
Files contain this information and much more:
Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files”
The cybercrime group claimed the theft of a database of 1 TB and published the images of some of the stolen documents as proof of the hack.
The theft of source code tied to ASUS camera modules means someone now holds a complete blueprint for how a critical piece of hardware works, hardware that may be embedded across countless businesses and households. That’s enough to discover a fully exploitable vulnerability.
“Don’t underestimate the indirect impact of a breach on the vendor hashtag.
The risk isn’t “the camera,” but the possibility that that weak point could become an entry point for exploits on drivers, firmware, updates, or third-party integrations.” Nicola Vanin, a popular Italian cybersecurity expert, wrote on LinkedIn.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
如有侵权请联系:admin#unsafe.sh