- China reportedly inserted tiny malicious chips into the servers used by over 30 US tech giants.
- The massive supply chain attack allegedly allowed Chinese hackers to steal technology secrets, as well as government and corporate data.
The Chinese government reportedly managed to gain access to the servers and networks of over 30 US tech giants including Apple and Amazon by compromising America’s supply technology chain. China allegedly implanted tiny surveillance chips on the servers used by these firms, which, in turn, allowed them to steal technology secrets, as well as government and corporate data.
According to an extensive report published by Bloomberg, the servers used by these major US firms were manufactured in China. The primary goal of the attack was to gain an easy entry point into a company’s system, in order to grab potentially confidential and proprietary information.
The chips - that are believed to be the size of a grain of rice - allowed the attackers to create “a stealth doorway into any network that included the altered machines,” Bloomberg reported.
Attack began in 2015
Bloomberg reported that the attack against US firms began in 2015. The attackers reportedly compromised a US-based server motherboard specialist, Super Micro Computer Inc., by attaching tiny spy chips to the motherboards. These chips ended up in servers deployed in the US. At the time of the attack, there were 7,000 Supermicro servers in use by Apple, with most of them being facilitated for the Siri voice assistant function.
“Apple was an important Supermicro customer and had planned to order more than 30,000 of its servers in two years for a new global network of data centers. Three senior insiders at Apple say that in the summer of 2015, it, too, found malicious chips on Supermicro motherboards,” Bloomberg’s Jordan Robertson and Michael Riley wrote in their exclusive report.
Bloomberg’s report is based on the confirmation of Supermicro’s hardware manipulation provided by 17 anonymous sources. However, there has been vehement denials of the allegations by some of the named tech giants.
Amazon and Apple dismiss allegations of intrusion
In its report, Bloomberg said that the chips were discovered and reported to the FBI by Amazon. The firm reportedly found the malicious chips while examining servers manufactured by a start-up called Elemental technologies.
However, Amazon denied the allegation and said that it is not aware of any malicious chips.
“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental,” Amazon wrote, Bloomberg reported.
Commenting on the issue, Apple also claimed that it never found any malicious chip implanted on any of the hardware used by them.
“On this we can be very clear: Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server,” Apple said, Bloomberg reported.
Meanwhile, the Chinese government has maintained silence over the allegations of unauthorized intrusions. Instead, it addressed the matter by saying that, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.”