In 2018 Bloomberg ran a story that claimed that China had embedded tiny microchips on Supermicro computer server processor boards in 2015. Everyone denied it – Supermicro, the intelligence community (IC), China.
Supply chain attacks seem to be everywhere these days and this is another one.
I don’t know if it is true, but why would Supermicro or China admit what what going on. The IC might know but might not want China to know how much they know and when they knew it.
While Bloomberg took a lot of heat for the story at the time, they never gave up on it and continued to investigate.
Well this week Bloomberg wrote chapter two of the story.
They are saying that China targeted Supermicro products for over a decade, that the IC was aware of it and that they kept it quiet because they were studying it and trying to figure out how to counter it.
14 former law enforcement and IC sources confirmed the story to Bloomberg.
According to Bloomberg, the Pentagon detected the chip implant back in 2010. Intel detected that China had hacked it in 2014 and the FBI issued a private warning to multiple companies in 2015 telling them that China had planted a surprise inside their computers.
Bloomberg also says that the Feds got a FISA warrant in 2012 to surveil several Supermicro employees.
And of course, Supermicro issued a new denial.
Would you expect anything else?
Remember also that it is well documented that the NSA did hardware implants for years.
You get to figure it out.
However, I do recommend you dust off that vendor cyber risk management program and see if you are doing all that you can do. Credit: The Register