Apple confirms a limited Supermicro malware attack – Mashable
Correction 9/6/2018, 12 p.m. PT:
A previous version of this story stated that Facebook had confirmed the presence of infected Supermicro servers in its testing labs. This was not the case. Facebook heard from industry groups that Supermicro servers may have been affected. It has not confirmed whether or not these testing lab servers were compromised. The story has been corrected to reflect the record.
The plot thickens.
In a follow-up to its bombshell report about a Chinese supply-chain attack on major U.S. companies including Apple and Amazon via the server manufacturer Supermicro, Bloomberg says bad actors also infiltrated the servers with malware.
In a departure from Amazon’s and Apple’s denials of the previous reports, Apple confirmed that it found malware on its Supermicro servers.
Apple says it discovered malware on a single server in 2016. This does not conflict with its denial of a hardware attack; in fact, it bolsters it, because in its official statement Apple cites the malware as the reason it dropped Supermicro as a vendor — not the presence of malicious microchips in servers.
Apple wasn’t the only company that may have been vulnerable. Facebook said that, in 2015, industry partners made the company aware of “malicious manipulation of software related to Supermicro.”
At the time, Facebook had purchased “a limited number of Supermicro hardware, for testing purposes confined to our labs.” Its investigation found that Facebook wasn’t using any Supermicro servers or motherboards outside of lab settings. Now, Facebook is in the process of removing the servers, although it has not found malware.
Still, it’s in Facebook’s interest to be diligent, especially given the recent data breach that affected 50 million people.
Apple’s confirmation and Facebook’s awareness of the issue are significant because they confirm that Chinese actors have made attempts to compromise U.S. security. This is something the Chinese government is denying, per Bloomberg. What’s unclear now is the extent of the breach and whether, or why, Amazon and Apple may have had reason to deny the chip attack.