Chinese hackers have always threatened the world that is witnessing the digital transformation. However, this might be the biggest attack they have made on the world with Super Micro malware. Bloomberg reported last week that San Jose-based company Super Micro supplied motherboards that eventually ended up with US defense were compromised. The motherboards contained a tiny microchip that was not a part of the original design. These boards were used by Amazon’s Elemental servers. A number of US-based companies and government agencies used these servers (in a try to make their digital system more secure). The investigation was lengthy and agencies found that a Chinese subcontractor planted these microchips on the boards.
After a long investigation, it turned out that Super Micro servers were hit by a malware too. And to everyone’s surprise, a small portion of this malware has been found on Apple and Facebook servers.
Facebook and Apple on the Issue
Bloomberg reported that the Super Micro online portal that used to offer software updates was hit by Chinese hackers with the help of that microchip in 2015. The attackers added malicious code in firmware for network cards to take over server’s communications. Notably, Facebook and Apple both have only reported malware on their servers and there is no microchip involved.
“In 2015, we were made aware of the malicious manipulation of software related to Supermicro hardware from industry partners through our threat intelligence industry sharing programs,” Facebook said while speaking to Bloomberg. “While Facebook has purchased a limited number of Super Micro hardware for testing purposes confined to our labs, our investigations reveal that it has not been used in production, and we are in the process of removing them.”
Apple, however, denied any critical damage from malware but confirmed finding the malware on one of their servers.
“We are deeply disappointed that in their dealings with us, Bloomberg’s reporters have not been open to the possibility that they or their sources might be wrong or misinformed,” said an Apple spokesperson. “Our best guess is that they are confusing their story with a previously-reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs. That one-time event was determined to be accidental and not a targeted attack against Apple.”
According to these giants, the malware attack on their servers was not that big of a concern but it was still big enough to steal information and make doorways to other servers. Ministry of foreign affairs of China previously quoted itself a “resolute defender of Cybersecurity.”
While Apple has been on a lighter side to the issue, it is a matter of big concern for Facebook. The social media platform has been under several security breaches over the past year. The famous Cambridge Analytica scandal revealed that personal information of around 83 million users was compromised. Not only that, but Facebook also confirmed last week that around 50 million users were under a hack attack on the platform. It is yet to be revealed how the company failed to maintain user data safe but a heavy fine is to be paid by the firm to European Union.