Bloomberg says spies in China managed to add a chip to servers Apple, Amazon, government agencies, and other companies were using. The chips were found on Supermicro server and were no bigger than a grain of rice. They let the People’s Liberation Army, and presumably other government agencies capture data and even remotely control compromised servers. From Bloomberg’s report:
The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.
Apple vehemently denies the report and calls out what it says are factual errors. The other companies deny the report, too. Apple stopped buying Supermicro servers in 2016 after discovering an unrelated security issue. Amazon bought Elemental Technologies, the company that wrote the software running on Supermicro servers, to run on its own custom designed hardware. Either China pulled off the most amazing hack ever: altering server hardware during manufacture for espionage, or Bloomberg and its sources got the story completely wrong.