On Oct 4th Bloomberg ran a story insinuating that many motherboards manufactured by US companies including Supermicro were compromised with tiny chips from the Chinese government that can be used to compromise US companies.
The below news article was published on Oct 4th Essentially, Bloomberg alleges that members of the Chinese military had a chip inserted into the motherboards during manufacturing and that the chip allowed the attackers to create a stealth doorway into any network that included the altered machines.
Today Bloomberg Businessweek wrote a story about the US supply chain of servers being infiltrated by Chinese spies. This article has been picked up by numerous publications.
Unitrends has appliances installed worldwide and in many secure environments including government agencies. We have not received any reports or complaints of this compromise. We are further researching this issue with our appliance manufacturers and suppliers but at this point do not have any information indicating that we have a vulnerability.
Below is Supermicro’s public response.
While we would cooperate with any government investigation, we are not aware of any investigation regarding this topic nor have we been contacted by any government agency in this regard. We are not aware of any customer dropping Supermicro as a supplier for this type of issue.
Every major corporation in today’s security climate is constantly responding to threats and evolving their security posture. As part of that effort we are in regular contact with a variety of vendors, industry partners and government agencies sharing information on threats, best practices and new tools. This is standard practice in the industry today. However, we have not been in contact with any government agency regarding the issues you raised.
Furthermore, Supermicro doesn’t design or manufacture networking chips or the associated firmware and we, as well as other leading server/storage companies, procure them from the same leading networking companies.
LINK TO ADVISORIES