The article cited 17 unnamed sources, including industry insiders and current and former USA officials.
Shares of Chinese hardware companies fell sharply on Friday, led by computer maker Lenovo Group Ltd which lost more than a fifth of its value. Some said that certain allegations were plausible, but that the strong denials from companies cited in the piece left them with doubts about whether the attacks had happened. One US official who said Thursday morning that the thrust of the article was true later expressed uncertainty about that conclusion.
Amazon said in a statement that "it's untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental", the USA video service on whose servers, the report says, Amazon found the microchips.
Several US officials contacted by The Washington Post said they were uncertain about the accuracy of the Bloomberg Businessweek report. Elemental's national security contracts weren't the main reason for the proposed acquisition, but they fit nicely with Amazon's government businesses, such as the highly secure cloud that Amazon Web Services (AWS) was building for the Central Intelligence Agency.
Super Micro Computer shares fell 38 percent to $13.26 in Pink Sheet trading.
Nested on the servers' motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn't part of the boards' original design. "Supermicro has never been contacted by any government agencies either domestic or foreign regarding the alleged claims", according to a tweet by Wall Street Journal reporter Robert McMillan.
The report said Amazon discovered the problem when it acquired software firm Elemental and began a security review of equipment made for Elemental by California-based Supermicro.
"Our best guess is that they are confusing their story with a previously reported 2016 incident in which we discovered an infected driver on a single Super Micro server in one of our labs", Apple said of the Bloomberg report.
AWS told Bloomberg it had reviewed its records related to the Elemental acquisition and "found no evidence to support claims of malicious chips or hardware modifications".
The extent of the data China collected from the surveillance chips was not clear from the report, and no consumer information was known to have been stolen, according to Bloomberg Businessweek.
However, Apple and Amazon have both strongly denied such a chip was found.
Representatives with the Federal Bureau of Investigation and the U.S. Department of Homeland Security did not respond to requests for comment. Seventeen individual sources, including government officials and insiders at the companies, confirmed the manipulation of hardware and other elements of the attacks.
"Extended, complex, global supply chains create a risk for malicious cyber activity that companies must take into account", said Michael Daniel, chief executive of the non-profit Cyber Threat Alliance.