Chinese spies attempted to plant tiny microchips in the data centers of 30 major American companies, including Amazon and Apple, according to a Bloomberg investigation.
Amazon reportedly discovered the issue in 2015 after buying video service firm Elemental. Bloomberg said Amazon alerted US authorities, who are still investigating.
The hack is said to have sent a "shudder through the intelligence community."
Amazon and Apple both strongly rejected the findings, which Bloomberg said were based on conversations with 17 anonymous sources, including insiders at both tech giants.
Amazon and Apple were among 30 companies targeted by Chinese spies through a tiny microchip that infiltrated the supply chain for American technology firms, according to Bloomberg.
The Bloomberg Businessweek investigation found that Chinese operatives managed to insert microchips, no bigger than a grain of rice, into hardware supplied to US firm Supermicro, described as one of the world’s biggest sellers of server motherboards.
Supermicro's compromised motherboards were built into the servers of the US companies targeted. China's reported goal was to access these data centers and swipe confidential information. No consumer data is known to have been stolen, Bloomberg said.
Amazon first spotted the microchips while doing the due diligence for its $500 million acquisition of US video service firm Elemental in 2015. Amazon hired a third-party to test Elemental's servers, which had been put together by Supermicro. After spotting tiny chips on the servers' motherboards which were not part of the original design, Amazon reported its findings to US authorities, "sending a shudder through the intelligence community." A secret investigation remains open three years later.
Citing three internal sources, Bloomberg said Apple also discovered the malicious chips in motherboards supplied by Supermicro in 2015. A year later, Apple ended its relationship with Supermicro for what it described as unrelated reasons.
Amazon, Apple, and Supermicro did not immediately respond to Business Insider's request for comment. All three companies, however, strongly disputed the findings in statements to Bloomberg.
Amazon said: "It’s untrue that Amazon Web Services knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental."Apple added: "Apple has never found malicious chips, 'hardware manipulations' or vulnerabilities purposely planted in any server."
Supermicro said it was unaware of an investigation, while US investigators, including the FBI, declined to comment. The Chinese government did not address the report. "Supply chain safety in cyberspace is an issue of common concern, and China is also a victim," it told Bloomberg.
Bloomberg said its report was based on confirmations of the hack by 17 unnamed people. These included six current and former national security officials, two Amazon insiders, and three sources at Apple.
One official told Bloomberg Businessweek that investigators found that the microchip problem affected almost 30 companies, including a major bank and government contractors.