This allegedly gave Chinese spies clandestine access to servers belonging to over 30 American companies, including Apple, Amazon, and various government suppliers, in an operation known as a "supply chain attack," in which malicious hardware or software is inserted into products before they are shipped to surveillance targets.
Bloomberg's report, based on 17 anonymous sources, including "six current and former senior national security officials," began to crumble soon after publication as key parties issued swift and unequivocal denials. Apple said that "there is no truth" to the claim that it discovered malicious chips in its servers. Amazon said the Bloomberg report had "so many inaccuracies … as it relates to Amazon that they're hard to count." Supermicro stated it never heard from customers about any malicious chips or found any, including in an audit it hired another company to conduct. Spokespeople for the Department of Homeland Security and the U.K.'s National Cyber Security Centre said they saw no reason to doubt the companies' denials. Two named sources in the story have publicly stated that they're skeptical of its conclusions.