At least two Australian government agencies held contracts for hardware from Supermicro, a company whose technology was allegedly infiltrated by malicious computer chips.
A report in Bloomberg Businessweek claims Chinese government operatives installed tiny spy chips in Supermicro server motherboards, which it says were then used by Apple, Amazon, the US government, banks and others.
Supermicro, Apple and Amazon strongly deny the allegations.
Tender documents show both Australia’s Department of Defence and Bureau of Meteorology were supplied with Supermicro technology.
It is unclear yet whether these contracts involved any of the affected motherboards, or whether technology was supplied from any of the four subcontracting factories in China, where the chips were allegedly added.
Defence contracts for Supermicro hardware stretch back to at least 2007. Between 2016 and mid-2018, those contracts covered servers and other technology worth more than $200,000.
Whether the chips reached servers outside America also remains unknown: an official told Bloomberg the supply chain attack affected “almost 30 [American] companies, including a major bank, government contractors … and Apple”.
According to the report, the surveillance chip, “not much bigger than a grain of rice”, was discovered in 2015 by an unnamed security company and remains the subject of ongoing investigations.