A cry of “fake news” is making the rounds concerning the Chinese supplychain attack against Supermicro reported by Bloomberg.
Bloomberg reports all official statements (nationstates & corporations) deny the attack.
Supply Chain Attacks are feasible (tough but feasible) and make logical sense. Plenty of motive for plenty of actors.
If it is widespread, there’s plenty of opportunity for corroboration.
Time to crack open your own #Supermicro and have a look see!
Palo Alto logs...
that said, if there is something I should be looking for that I'm not... then it could be there, but one blocks all traffic to .CN and associated IP ranges... If traffic were headed there I'd see it.
they could be using a server stateside to C&C, and I might not find it this way.
There's some back and forth as AWS is stating that it's not accurate, but it doesn't surprise me that they want to defend their quality and security standards.
A Mastodon instance for info/cyber security-minded people.