CYBERSECURITY UPDATE: Investigating Implausible Bloomberg Supermicro Stories.

One of the biggest reasons people in the server management industry doubt the Bloomberg report is that the chips it describes could not plausibly function inside the networks of their intended targets, allegedly “30 companies.” Amazon AWS noted as much in its rebuttal to the article when it said: “The remaining two non-critical issues with the web application were determined to be fully mitigated by the auditors if customers used the appliances as intended, without exposing them to the public internet.” (Source: Bloomberg)

We will get to how hard this type of hack is to pull off later in this article. For now, the important piece is that the attack, as described in the passage above, would not work at its intended targets. Standard industry practice guards against this attack vector.

This is a long, dry read, but it might be worth at least skimming.