No confirmation yet of the Chinese supply-chain seeding campaign.
At this point one would have thought there would have been some confirmation of Bloomberg's report that China had successfully insinuated "spy chips" into the supply chain of a hardware manufacturer. But such confirmation has failed to appear. Other news organizations have looked for it, but they've come up empty. Denials continue to come in from companies the report said were affected, notably Supermicro, which this week replied to an inquiry from US Senators Blumenthal and Rubio by telling them that the compromise never occurred (Bloomberg).
Apple CEO Tim Cook told BuzzFeed that Bloomberg needed to "do the right thing" and retract its account. Bloomberg hasn't done so, instead telling BuzzFeed, "Bloomberg Businessweek's investigation is the result of more than a year of reporting, during which we conducted more than 100 interviews. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks. We also published three companies' full statements, as well as a statement from China's Ministry of Foreign Affairs. We stand by our story and are confident in our reporting and sources."
The US Director of National Intelligence said that while the prospect of such attacks is worrisome, the Intelligence Community has no evidence this one actually happened. DNI Dan Coats said, "We’ve seen no evidence of that, but we’re not taking anything for granted. We haven’t seen anything, but we’re always watching" (CyberScoop). The Intelligence Community's message seems to be, as NSA's Rob Joyce put it earlier this month, that looking for Chinese spy chips on server motherboards may be "chasing shadows."
Former intelligence officials, now retired to the private sector, seconded the views of the incumbents. Michael Rogers, until this spring Director, NSA, told Forbes, mildly, "I’m not sure I agree with everything I read." His Israeli counterparts, Nadav Zafrir, who formerly led Israel's Unit 8200, told the same publication that he wasn't "personally aware" of anything like the attack Bloomberg described.
Relations between the US and China have been tense, over both trade and cyber operations. There seems to be little reason for US officials to have an interest in minimizing a Chinese cyberattack. The emerging consensus seems to be that this particular supply chain attack warning was a false alarm.