Kaspersky Lab Says Report Claiming China Hacked Apple's Former Server Supplier is Likely 'Untrue'

by

Russia-based cybersecurity company Kaspersky Lab today said that while "hardware supply chain attacks are a reality," evidence suggests Bloomberg Businessweek's report about Chinese intelligence tampering with server motherboards manufactured by Apple's former supplier Supermicro is "untrue."

Apple Data Center

Apple data center

Kaspersky Lab said the report "should be taken with a grain of salt" in its 14-page analysis of the alleged attack, obtained by MacRumors:

The stories published by Bloomberg in October 2018 had a significant impact. For Supermicro, it meant a 40% stock valuation loss. For businesses owning Supermicro hardware, this can be translated into a lot of frustration, wasted time, and resources. Considering the strong denials from Apple and Amazon, the history of inaccurate articles published by Bloomberg, including but not limited to the usage of Heartbleed by U.S. intelligence prior to the public disclosure, as well as other facts from these stories, we believe they should be taken with a grain of salt.

Kaspersky Lab added that the language in both Apple and Amazon statements denying the Bloomberg Businessweek report are "pretty strong" and "leaves little to no chance of retractions or denials at a later time." The firm added that the statements are regulated by the SEC in the United States.

The key part of Apple's statement was as follows:

On this we can be very clear: Apple has never found malicious chips, "hardware manipulations" or vulnerabilities purposely planted in any server. Apple never had any contact with the FBI or any other agency about such an incident. We are not aware of any investigation by the FBI, nor are our contacts in law enforcement.

In a press release, Apple later said it is not under any kind of gag order or other confidentiality obligations.

Referring to Apple's mid-2016 detection of malware-infected firmware in specific Supermicro servers that were used internally only, Kaspersky Lab said it believes it is "quite possible that the Bloomberg journalists misunderstood the incident and included it in the hardware supply chain attack story."

The analysis said hardware-based attacks like the one alleged in the Bloomberg Businessweek report are sophisticated, difficult to implement, and expensive. "For instance, even if a server board is compromised during manufacturing, it is complicated to ensure that it finds its way to a certain target."

The accuracy of Bloomberg Businessweek's report has been questioned by not only Kaspersky Lab, but the Department of Homeland Security, the U.K.'s National Cyber Security Centre, and NSA senior advisor Rob Joyce.

Moreover, Apple's recently retired general counsel Bruce Sewell said he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Supermicro, and was told that nobody at the federal law enforcement agency knew what the story was about.

Apple's aggressive campaign to deny the report extends to unnamed senior executives within the company. Supermicro and Amazon, also named in the report, have likewise issued strongly-worded denials of the report.

Bloomberg Businessweek continues to stand by its reporting, and has since followed up with a second story that claims a major U.S. telecommunications company discovered manipulated hardware from Supermicro in its network and removed it in August, citing a security expert working for the telecom company.

The original report, citing 17 unnamed sources, claimed that Chinese spies planted tiny chips the size of a pencil tip on server motherboards manufactured by Supermicro at its Chinese factories. The servers were then sold to companies such as Apple and Amazon for use in their respective data centers.

An unnamed government official cited in the report said China's goal was "long-term access to high-value corporate secrets and sensitive government networks," but no customer data is known to have been stolen.

The report claimed that Apple discovered the suspicious chips on the motherboards around May 2015, after detecting odd network activity and firmware problems. Two senior Apple insiders were cited as saying the company reported the incident to the FBI, but kept details about what it had detected tightly held.

Apple dropped Supermicro as a supplier in 2016, after the incident with the malware-infected firmware updates.

We've covered Bloomberg Businessweek's report in extensive detail over the past week, with all of our coverage available in our "The Big Hack" archive. At this point, it remains a stalemate between Apple and Bloomberg.

Kaspersky Lab itself has faced controversy, with several reports over the last year claiming its software was compromised by Russian intelligence. Nevertheless, Motherboard said the firm "continues to have a good reputation in the industry," particularly as it relates to its ability to discover malware.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: China, The Big Hack

Popular Stories

iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article242 comments
maxresdefault

Apple Releases iOS 18.4 With Priority Notifications, Ambient Music, New Emoji and More

Monday March 31, 2025 10:03 am PDT by
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
Read Full Article78 comments
top stories 2025 03 29

Top Stories: WWDC 2025 Announced, iPhone 17 Pro and iOS 19 Rumors, and More

Saturday March 29, 2025 6:00 am PDT by
Apple's big developer event is a little over two months away, and rumors about what we can expect to see in Apple's next major operating system updates are becoming increasingly frequent. A public release of iOS 18.4 is also imminent with a number of updates and improvements, although we won't be getting the major Apple Intelligence Siri upgrades that had reportedly been planned for this...
Read Full Article6 comments
Magic Mouse Green

What to Expect From the Magic Mouse 3

Saturday March 29, 2025 10:15 am PDT by
Apple is reportedly working on a new Magic Mouse. Below, we recap what to expect. The two key rumors for the Magic Mouse 3 so far include a relocated charging port, along with a more ergonomic design. It was briefly rumored that the Magic Mouse 3 would also feature voice control, but that was misinterpreted information. Relocated Charging Port While the Magic Mouse switched from...
Read Full Article296 comments
iOS 18

iOS 18.4 Expected Next Week - Here Are the Release Notes

Friday March 28, 2025 2:01 pm PDT by
With the second release candidate of iOS 18.4 that Apple seeded out today, the company finally provided us with release notes that give a full rundown on what to expect. There's an Apple Vision Pro app, new Apple Intelligence features for notifications and additional language support, plus an Apple News Food feature for Apple News+ subscribers, and several updates that should improve the...
Read Full Article51 comments
Foldable iPhone 2023 Feature Homescreen

Six Things to Know About Apple's Upcoming Foldable iPhone

Friday March 28, 2025 3:54 pm PDT by
We've been hearing rumors about a foldable iPhone for almost a decade now, but it looks like we might finally see the device come to fruition in 2026. We're going to be waiting many more months for the foldable iPhone, but so far we're hearing good things. Apple wants to make it creaseless. It's taken Apple multiple years to design a foldable iPhone that it's satisfied with because Apple ...
Read Full Article207 comments
iOS 19 visionOS UI Elements

Apple Codename Provides Clue About iOS 19's Rumored New Design

Sunday March 30, 2025 6:40 am PDT by
Multiple sources have claimed that iOS 19 will introduce a new design with more translucent buttons, menus, notification banners, and more, and there is now another clue that points towards this glass-like appearance. Bloomberg's Mark Gurman today said the new design project is codenamed "Solarium" internally. A solarium is a room with glass walls that allow in plenty of sunlight, so this...
Read Full Article120 comments
ipad pro 2024

Gurman: New iPad Pro and MacBook Pro Models With M5 Chips to Launch Later This Year

Sunday March 30, 2025 6:06 am PDT by
Apple's next-generation iPad Pro models with the M5 chip will "launch this year," according to Bloomberg's Mark Gurman. In his Power On newsletter today, Gurman said the new iPad Pro models have progressed to an "advanced testing" stage, and he expects mass production of the devices to begin in the second half of this year. If that timeframe is met, the new iPad Pro models could launch...
Read Full Article147 comments

Top Rated Comments

BaltimoreMediaBlog Avatar
BaltimoreMediaBlog
85 months ago
Sure, yeah, right. I'll trust the Russians on Chinese spying! HAHAHAHAHA!

That's like trusting Tim Cook when he says, "There are no FM radios in iPhones" during a hurricane when independent tech firms have already found the FM circuitry! :D
Score: 17 Votes (Like | Disagree)
Scottsoapbox Avatar
Scottsoapbox
85 months ago
Bloomberg needs to show some actual proof at this point.
Score: 14 Votes (Like | Disagree)
mariusignorello Avatar
mariusignorello
85 months ago
This is the Ford vs. Kavanaugh of technology. Put up proof or be done with it.

Unnamed sources, here say and the likes are not proof.
Score: 12 Votes (Like | Disagree)
parseckadet Avatar
parseckadet
85 months ago
This is the same Kaspersky Labs that was found to be sending consumer data to the former KGB right? Yeah, they’re super trustworthy.
Score: 10 Votes (Like | Disagree)
Solomani Avatar
Solomani
85 months ago
The Russians are defending the Chinese in their alleged attacks on American (companies).

Haha. This is rich.
Score: 6 Votes (Like | Disagree)
StevieD100 Avatar
StevieD100
85 months ago
Hopefully Apple and Amazon can sue them into bankruptcy. Cook needs a new tortoise shell eyeglasses, and Bezos needs a new pair of pants.
If Apple had any sense at all, they would not go anywhere near filing suit against Bloomberg.
BB's exec and by implication their lawyers would just love to get their hands on all sorts of confidential Apple documents and the like. They'd be in rumour heaven and to hell with the fines.
I read a book by a Law Professor a few years ago as part of my MBA. The words he said about Discovery really made me think.
"Beware the Ides of Discovery"
You can be compelled to turn over almost every document (paper and electronic) that exists inside the company even if it really has nothing to do with the law suit, just in case it does and ...
There is a reason why many cases never get to trial and that is Discovery. One side will see that they basically have no chance of winning. Or that they must settle out of court or all their internal dirty linen will get read out in court and basically become public domain.
for a company as secretive as Apple, filing suit against Qualcomm is far less risky in terms of leaks etc than it is to file again Bloomberg who are in the business of publishing 'secret and lies'
Score: 5 Votes (Like | Disagree)
Read All Comments