A CHINESE SUPPLY CHAIN ATTACK infiltrated servers used by nearly 30 companies, including Apple, Amazon and US government contractors, according to a blockbuster report from Bloomberg Businessweek.
The operation saw a branch of China's armed forces, known as the People's Liberation Army, forcing Chinese manufacturers to insert chips the size of a grain of rice into US-designed servers during the equipment manufacturing process, the report claims.
These chips, which Bloomberg says have been the subject of an ongoing top-secret US government investigation since in 2015, were used for gathering intellectual property and trade secrets from American companies and may have been introduced by a Chinese server company called Super Micro, which assembled machines for Elemental Technologies.
In total, Bloomberg says, the hack - which US officials have branded as "the most significant supply chain attack known to have been carried out against American companies," allowed the Chinese government to spy on almost 30 American companies.
The attack was reportedly uncovered following Amazon Web Services' (AWS) $500m September 2015 acquisition video encoding startup Elemental Technologies. AWS subjected the company to a security audit, which raised flags in the servers that Elemental customers needed to install on their networks to handle the video compression software.
A closer examination of the servers revealed a tiny chip embedded on the motherboard, which wasn't included in the original design.
Amazon reported the discovery to US authorities, according to Bloomberg, which reports that the findings "sent a shudder through the intelligence community" as Elemental's services were also used by the Department of Defense, the CIA's drone operations, and the onboard networks of Navy warships.
Three "senior insiders" claim that Apple found malicious chips on Supermicro motherboards, also in 2015, and severed its ties with the company the following year.
Both Amazon and Apple strongly refute Bloomberg's report.
"It's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental," Amazon told Bloomberg.
An Apple spokesperson said: "We are deeply disappointed that in their dealings with us, Bloomberg's reporters have not been open to the possibility that they or their sources might be wrong or misinformed.
"Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple."
However, Bloomberg's sources are adamant. "The companies' denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government's investigation." µ
Handset will set gaming nerds back £799
And some have yet to be fully mitigated
The 7nm chip promises to be a powerhouse
Mozilla's Monitor 2.0 is adding notifications for website breaches