In a stunning report last week, Bloomberg revealed that motherboards from the San Jose-based Supermicro had been compromised. On them sat a tiny microchip that wasn’t part of the board’s design.
The boards with a backdoor were seen in Amazon’s Elemental servers, which were allegedly supplied to a number of government agencies and US companies. A lengthy investigation revealed that a Chinese subcontractor planted the chips.
It now seems that some Supermicro servers were also infiltrated with malware. Facebook and Apple have admitted that malware was found on a very small portion of their servers.
Facebook And Apple Response
Bloomberg says a Supermicro online portal that provided software updates was breached by China-based attackers in 2015. They modified the firmware for network cards with malicious code that let hackers take over a server’s communications.
“In 2015, we were made aware of malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs,” said Facebook to Bloomberg. “While Facebook has purchased a limited number of Supermicro hardware for testing purposes confined to our labs, our investigations reveal that it has not been used in production, and we are in the process of removing them.”
Though Apple denies it was hit by the microchips, it did admit to finding malware on one of its servers.
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” said a spokesperson. “Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
Though the scale of the malware attack was small according to these companies, it’s still significant. China’s ministry of foreign affairs previously called the country a “resolute defender of Cybersecurity”.
It’s also particularly important for Facebook, which has been subject to a number of data breaches over the past year. The Cambridge Analytica scandal exposed the personal information of up to 83 million users.
Just last week, Facebook announced a hack that may have affected a further 50 million users. The company is yet to disclose how it happened or who the attackers were. The latest reveal is a very bad look for a company that has failed its users several times.