The report by Bloomberg News, which cited unidentified US officials, said the malicious chips were inserted into equipment supplied by Supermicro Computer Inc.to American companies and government agencies.
A detailed analysis of the Bloomberg report on technology site The Register noted both Apple and Amazon "would want to keep any highly confidential information and contacts with intelligence services as quiet as possible". Both have since denied these claims and it looks like the UK's GCHQ and the US Department of Homeland Security are in agreement. Apple denied the report, and said that Bloomberg is confusing an event that took place in 2016 when the company found an infected driver on a single Super Micro server in one of its labs. But the three companies featured in the story-Apple, Amazon, and Supermicro-have all issued broad and strongly worded denials. "Nothing was ever found", he wrote.
Apple Inc. told USA lawmakers that its servers weren't compromised and sought to assure them that the company's global supply chain is secure.
Apple and Amazon, two companies identified as victims of the hack, refuted Bloomberg's claims in statements on their websites. Apple's Vice President for Information Security Goerge Stathakopoulos in a letter to the Senate and House commerce committees said that Apple made repeated investigations but did not find any evidence whatsoever which support the claims made in the Bloomberg report.
"In essence, this story seems to pass the sniff test", saysTheo Markettos, who is on the security team at Cambridge University's Computer Lab.
"In light of your important leadership roles in Congress, we want to assure you that a recent report in Bloomberg Businessweek alleging the compromise of our servers is not true", read the letter published by Apple Insider. It said that USA investigators had found that Chinese agents operating on behalf of the People's Liberation Army had used a combination of subterfuge, bribery, and threats to insert the compromising chips during various stages of Supermicro's supply chain, after which point they would have been almost impossible to detect and given backdoor access to the systems they were implanted in.
Bloomberg has stuck by its report, insisting on its veracity.