With access to the update server, the attackers were able to distribute malicious files that appeared legitimate because they carried an ASUS digital certificate. In reality, the phony software updates gave the attackers a backdoor into infected devices. Kaspersky estimates that about half a million Windows machines received the backdoor from ASUS' update server. However, the attackers appear to have been targeting only about 600 systems. The malware was designed to search for machines by their MAC address. It's not clear why the attackers focused on that small subset of machines.
Attacks on the supply chain, specifically update servers, are growing more common. Microsoft suffered a similar attack in 2012 when hackers distributed a spying tool called Flame via the Windows updating tool. Popular apps like CCleaner and Transmission were at one point compromised and unknowingly distributed malware to users. Perhaps most notably, the NotPetya cyberattack that hit thousands of machines across Europe, Asia, Australia and the US was carried out through a malicious update to an accounting software tool.