The revelation comes from a source who has now decided to go on the record about claims made in a Bloomberg article last week that Chinese spies managed to access servers owned by dozens of top U.S. tech companies by tampering with hardware.
Bloomberg’s source—security expert Yossi Appleboum, who withheld the name of the telecom firm to avoid violating a non-disclosure agreement—says the implant was built into a server’s Ethernet port, giving Chinese hackers access to the company’s networks.
Appleboum, who was the first to identify the tampering, reportedly provided documents and other evidence to corroborate his claims that the Chinese government hired contractors to install malicious chips in Supermicro motherboards from 2013 to 2015.
Bloomberg’s original article on Chinese tampering was heavily criticized for relying on anonymous sourcing. Amazon and Cupertino’s Apple responded to the investigation with detailed takedowns of the reporting, which shook the public’s faith in the initial story.
Supermicro, whose shares plummeted by 41 percent Oct. 4 after the initial revelations of tampered chips and by 27 percent after the latest report this week, emphatically denies allegations that it sold compromised hardware.
“We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found,” the company told Bloomberg. “We are dismayed that Bloomberg would give us only limited information, no documentation and half a day to respond to these new allegations.”
On Monday, Apple execs sent a letter to the House and Senate commerce committees urging lawmakers to pressure Supermicro to brief them about the alleged breach.
Appleboum told Bloomberg that Supermicro isn’t the only victim of Chinese tampering. “Supermicro is a victim,” he told the publication. “So is everyone else.”