A potentially devastating cyberespionage campaign allegedly conducted by Chinese state-sponsored threat actors may have compromised systems belonging to Apple, Amazon, a major bank, and US government contractors, according to an investigation.
Bloomberg reported that AWS uncovered the malicious chips in 2015 when examining servers manufactured by a company known as Elemental Technologies, which AWS eventually acquired. AWS subjected the company to a security audit, which raised flags in the servers that Elemental customers needed to install on their networks to handle the video compression software.
On Wednesday, the US government warned that a hacking group known as Cloudhopper, which cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers to steal data from their clients.
According to officials cited in the report, some 30 companies were affected.
Amazon and Apple denied the Bloomberg report.
"Apple is deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed", Apple told AppleInsider. The report says that the chips would connect to certain remote systems to receive instructions and could then do things like modify the running operating system to remove password validation, thereby opening a machine up to remote attackers.
However, Bloomberg's sources are adamant. S. government agencies, which would give Beijing secret access to internal networks.
Super Micro said in a statement that it "has never been contacted by any government agencies either domestic or foreign regarding the alleged claims". Bloomberg said Amazon alerted United States authorities, who are still investigating. Bloomberg quoted "three senior insiders" as saying they had also discovered the tiny chips, which Bloomberg said were much smaller than a penny and were created to transmit information back to China about the data flowing across the servers.
Update 15.02 BST: At the time of writing, five hours after Bloomberg's investigation was released, Supermicro's share price is down 30.42 percent to $14.89. In a statement to CNBC, Apple said it found a single infected driver on one Super Micro server in a lab, calling it a one-time event. It was this incident which may have led to the severed business relationship back in 2016, rather than the discovery of malicious chips or a widespread supply chain attack.
Supermicro said in its statement, "We are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard". The outlet said the hacking is "the most significant known supply chain attack ever against US companies".
Two prominent U.S. cybersecurity companies warned this week that Chinese hacking activity has surged amid a trade war between Washington and Beijing.