The company, in a fresh blog post issued on Wednesday, named three of these companies as Electronics Extreme, the maker of the zombie survival game Infestation: Survivor Stories; Innovative Extremist, a Web and IT infrastructure firm; and Zepetto, a South Korean firm that was behind the video game Point Blank.
The attacker was listed as an advanced persistent threat, which is code for a nation-state attacker; however, no country was named, nor was any possible reason for the attack advanced.
Three other organisations, which were also affected, were not named by Kaspersky Lab, merely being referred to as "another video gaming company, a conglomerate holding company and a pharmaceutical company, all in South Korea".
The initial report on ShadowHammer was published on 26 March, after it was leaked to freelance reporter Kim Zetter. More details were provided at Kaspersky Lab's annual Security Analyst Summit in Singapore.
The attacks on these additional firms were similar to that carried out on ASUS. The trojanised software used was signed with a legitimate certificate and hence did not arouse any suspicion.