Amazon and Apple were among 30 companies targeted by Chinese spies through a tiny microchip that infiltrated the supply chain for American technology firms, according to Bloomberg.
The Bloomberg Businessweek investigation found that Chinese operatives managed to insert microchips, no bigger than a grain of rice, into hardware supplied to US firm Supermicro, described as one of the world’s biggest sellers of server motherboards.
Supermicro’s compromised motherboards were built into the servers of the US companies targeted. China’s reported goal was to access these data centers and swipe confidential information. No consumer data is known to have been stolen, Bloomberg said.
Amazon first spotted the microchips while doing the due diligence for its $500 million acquisition of US video service firm Elemental in 2015. Amazon hired a third-party to test Elemental’s servers, which had been put together by Supermicro. After spotting tiny chips on the servers’ motherboards which were not part of the original design, Amazon reported its findings to US authorities, “sending a shudder through the intelligence community.” A secret investigation remains open three years later.
Citing three internal sources, Bloomberg said Apple also discovered the malicious chips in motherboards supplied by Supermicro in 2015. A year later, Apple ended its relationship with Supermicro for what it described as unrelated reasons.
Amazon, Apple, and Supermicro did not immediately respond to Business Insider’s request for comment. All three companies, however, strongly disputed the findings in statements to Bloomberg.
Amazon said: “It’s untrue that Amazon Web Services knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental.”Apple added: “Apple has never found malicious chips, ‘hardware manipulations’ or vulnerabilities purposely planted in any server.”
Supermicro said it was unaware of an investigation, while US investigators, including the FBI, declined to comment. The Chinese government did not address the report. “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim,” it told Bloomberg.
Bloomberg said its report was based on confirmations of the hack by 17 unnamed people. These included six current and former national security officials, two Amazon insiders, and three sources at Apple.
One official told Bloomberg Businessweek that investigators found that the microchip problem affected almost 30 companies, including a major bank and government contractors.