The details of the attack are still fuzzy, but essentially an additional chip or modified chip were added to Super Micro Computer (Supermicro) motherboards when they were built in China. The hack seems to be related to the baseboard management controller (BMC) that has complete control of the motherboard. The BMC is part of the remote management system.
The U.S. government has been investigating the issue and much of this remains classified. The investigation goes back to 2014. The impact is major potentially affecting companies like Amazon and Apple that use thousands of servers, many from Supermicro, to provide cloud services as well as supporting their own network services from websites for consumer sales to streaming media.
One reason for the attack on Supermicro is that it delivers a wide range of server products in addition to consumer and gaming motherboards and embedded systems, many of which have been covered by Electronic Design and other computer and electronic publications. Supermicro, founded in 1993, is one of the largest suppliers of server-related hardware in the world.
Evidently, Amazon found compromised server motherboards in 2015 when considering an acquisition of Elemental Technologies, a firm into video-streaming services that demands high-performance servers.
According to Bloomberg: “In emailed statements, Amazon, Apple, and Supermicro disputed summaries of Bloomberg Businessweek’s reporting. However, the account is based on more than a year of reporting and more than 100 interviews, including several current and former senior national security officials and insiders at Apple and Amazon. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks.”