In brief: More evidence of Chinese state-sponsored hardware hacking has emerged, with a US telecommunications company in the sights of the modded motherboard supply chain attack revealed by Bloomberg last week.
Bloomberg News has received information from security research firm Sepio Systems that a prominent US telecom has also fallen to the Chinese supply chain attack, adding another notch to the People’s Liberation Army’s (PLA) belt.
Reports of manufacturing shenanigans have continued this week with Sepio Systems’ co-CEO, Yossi Appleboum, providing further proof of hacked motherboards used in servers, this time at an unnamed US telecommunications company. Due to the sensitive nature of the disclosure and its potential impact on business, Sepio Systems did not reveal the name of the company, but it did describe the mod on what was, again, a Supermicro motherboard. Digging a little deeper, Bloomberg reached out to all major US telecom companies and got upfront denials from all but T-Mobile, implying that this may be the company in question.
This time, the attack was admittedly different. The details revealed an “implant” in the server’s Ethernet connector, which triggered “unusual communications” that techies at the telecom company were unable to account for. The tampered Supermicro server appeared as two different network devices, yet both shared the authority of the server, bypassing security filters.
According to Mr Appleboum, it is not the first time he has seen contractors in China attempting to tamper with hardware, but it was the first time he saw it on a Supermicro product. The security company added that it was clear that the devices had been tampered with at a Supermicro subcontractor’s facilities in Guangzhou, China.
Last week, Bloomberg revealed, in a high-profile and controversial investigation, that Apple and Amazon were victims of Chinese intelligence operatives by way of Supermicro servers used at those companies. The alleged hack would have taken place in China, since 2015, as subcontractors hired to build motherboards for Supermicro servers proceeded to solder on the hardware mod, which would then become part of the company’s supply chain and its clients’ infrastructure. Apple and Amazon have categorically refuted the implication that their internal servers were feeding their IP to China’s PLA operatives. The revelation is also potentially ruinous for Supermicro Inc., whose business it could severely impact.
While targeted companies have been quick to refute the hack, US officials are not discarding it outright and did not comment on the goings-on. It will not help the ongoing trade war between the US and China, that’s for sure.