SuperMicro supply chain breach (since 2010)
Date | First discovered in early 2010.[1] |
---|---|
Suspected actor | According to Intel, APT 17 (also known as Sneaky Panda or Deputy Dog), a Chinese state-sponsored group, was behind the operation.[1] |
Target | Various government agencies and private sector organizations, including Apple, Amazon, Intel, and the US Department of Defense.[1] |
Target systems | Computers containing hardware made by Super Micro Computer Inc.[1] |
Method | SuperMicro’s motherboards reportedly featured an extra chip the size of a grain of rice,[2] loaded with code that created a backdoor to the user’s servers.[1] |
Purpose | Possibly data exfiltration and cyber espionage.[1] |
Result | In 2018, Bloomberg estimated that there were 30 organizations that had suffered breaches but were unaware of that fact.[2] The total number of organizations breached remains unknown.
In addition, military data was exfiltrated from the US Department of Defense.[1] |
Aftermath | SuperMicro has denied the reports and any culpability.[3] However, the company admitted in 2019 that it had suffered “unauthorized intrusions” into its network that began in 2011 and ceased in 2018.[1] A security audit conducted by SuperMicro did not reveal the presence of any malicious chips.[4] Nonetheless, the company moved its manufacturing out of China.[5]
China has denied the allegations made against it, describing them as “attempts to discredit China and Chinese enterprises”.[1] Apple stopped using SuperMicro’s motherboards for “unrelated reasons”.[2] By contrast, at least some US government agencies continued to purchase the company’s products, although reportedly for unclassified purposes.[1] |
Analysed in | Scenario 02: Cyber espionage against government departments |
Collected by: Michaela Prucková
- ↑ 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1.8 1.9 J Robertson and M Riley, ‘The Long Hack: How China Exploited a U.S. Tech Supplier’ Bloomberg (12 February 2021)
- ↑ 2.0 2.1 2.2 J Robertson and M Riley. ‘The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies’ Bloomberg (4 October 2018)
- ↑ SuperMicro, ‘Supermicro Statement on Bloomberg’s Claims’ (12 February 2021)
- ↑ SuperMicro, ‘Testing Finds No Malicious Hardware on Supermicro Motherboards’ (11 December 2018)
- ↑ S Moss, ‘Supermicro to move manufacturing out of China to quell the spy chip rumors it denies’ Data Centre Dynamics (7 May 2019)