Apple, Amazon deny report on Chinese hardware attack through ‘Supermicro’ chip
Bloomberg reported that the malicious chips were planted by a unit of the Chinese People’s Liberation Army, which infiltrated the supply chain of a hardware company called Supermicro
Apple and Amazon denied a Bloomberg report on Thursday that their systems contained malicious computer chips inserted by Chinese intelligence, statements from the tech companies released separately by Bloomberg showed.
Bloomberg Businessweek cited 17 unnamed intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple US government agencies, which would give Beijing secret access to internal networks.
Reuters was unable to reach Apple, Amazon or representatives with the FBI, Dept of Homeland Security Agency and National Security Agency for comment.
China's Ministry of Foreign Affairs did not immediately respond to a written request for comment on Thursday. Beijing has previously denied allegations of orchestrating cyber attacks against Western companies.
Amazon, in a statement published by Bloomberg, said: "We've found no evidence to support claims of malicious chips or hardware modifications."
Apple said it had refuted "virtually every aspect" of the story in on-record responses to Bloomberg. "Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server," the company said.
Bloomberg reported that the malicious chips were planted by a unit of the Chinese People's Liberation Army, which infiltrated the supply chain of a hardware company called Supermicro. The operation is thought to have been targeting valuable commercial secrets and government networks, the news agency said.
A representative for Supermicro at its European headquarters in the Netherlands said the company was unable to provide an immediate comment.
There have been increased concerns about foreign intelligence agencies infiltrating U.S. and other companies via so-called "supply chain attacks", particularly from China where multiple global tech firms outsource their manufacturing.
The U.S. government on Wednesday warned that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.
The warning came after experts with two prominent US cybersecurity companies warned this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.