Chinese spies inserted a backdoor on Supermicro’s server BMCs

US officials have released details of a widespread hardware hack which was made by Chinese spies that have been infiltrated in 30 American companies, including Amazon and Apple. The incident started in 2015 by planting rice-sized computer chips onto Supermicro’s server motherboards which gave governmental-hackers access to sensitive consumer and government data.

We must take into consideration that every supply chain is always at risk, by doing this we will not get surprised when we learn about this or further implant vulnerability.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Earlier this year a cybersecurity team uncovered BMC vulnerabilities and reported that they could easily be exploited for malicious purposes, with or without a backdoor implant. Because of them, the only thing a hacker needs is a network connection in order to retrieve private and sensible information.

Researchers also found that it is 100% possible to launch an attack using remote code execution. The conclusion is that BMCs, or any system with network access, is vulnerable to this type of attack because it’s doesn’t require an implant from a nation-state adversary.
Companies must protect themselves by practicing in-depth-defense, especially across their supply chain, and also isolate their systems at the network level.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.