On Thursday, Bloomberg Businessweek published a highly-sourced cover story detailing a stunning attack by the Chinese government capable of infiltrating companies including Apple and Amazon, as well as USA intelligence agencies, the mormon church, and the porn industry.
The operation saw a branch of China's armed forces, known as the People's Liberation Army, forcing Chinese manufacturers to insert chips the size of a grain of rice into US-designed servers during the equipment manufacturing process, the report claims.
The goal of the Chinese spies was reportedly to use these microchips to gain access to sensitive corporate data and other secrets through advanced hacking.
Bloomberg claims that the chips were initially and independently discovered by Apple and Amazon in 2015 and that the companies reported their findings to the FBI, prompting an investigation that remains ongoing.
Bloomberg, citing multiple sources, said the infiltration was first discovered in 2015 and confirmed by independent investigators before a full investigation was launched my multiple USA government agencies.
One U.S. official told The Washington Post on Thursday morning that the thrust of Bloomberg Businessweek's reporting was accurate.
Amazon, meanwhile, "found no evidence to support claims of malicious chips or hardware modifications", the company said.
Amazon Web Services, which was building a super-secure cloud for the Central Intelligence Agency, hired a third-party company to study Elemental's security, a source familiar with the process told Bloomberg.
Apple said the incident "was determined to be accidental and not a targeted attack".
However, Bloomberg's sources are adamant.
Supermicro said it was unaware of an investigation, while USA investigators, including the FBI, declined to comment.
Commenting on the risks of supply chain security, Ross Rustici, senior director, intelligence services at Cybereason, said that threats often do come from a complicit insider, "whether it is at the factory, a transportation agent or customs official".
Apple - which tends to refrain from issuing direct responses to specific reports - has taken the unorthodox step of categorically denying Bloomberg's revelations.
Reuters was unable to reach Apple and Amazon, as well as representatives with the FBI, Department of Homeland Security Agency and National Security Agency for comment.
Amazon subsidiary Amazon Web Services, which provides on-demand cloud computing platforms, was described in the Bloomberg story as having known about the malicious chips and working with the FBI to investigate the matter. Apple, which has since severed ties with Supermicro for what it says are unrelated reasons, says it has never found "malicious chips" in its products.
China's ministry of foreign affairs responded by insisting it was a "resolute defender of cyber security".
Amazon and Apple both denied there was any substance to Bloomberg's claims.