> Or at least have testimonies by employees in these company
The original article directly addressed this: "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
It is entirely likely that the companies affected were directed by the IC agencies working on this not to discuss or reveal their knowledge of the hack. Often in intelligence operations it is important and useful to not alert your adversary that you are aware of their intrusions until you are fully ready to take action against them, or have fully removed the danger.
I don't see any reason to take the companies' categorical denials as evidence that this did not happen or that they were not targeted. Those statements are what one would expect in a national security incident and investigation of this magnitude, with such serious implications.
The original article directly addressed this: "The companies’ denials are countered by six current and former senior national security officials, who—in conversations that began during the Obama administration and continued under the Trump administration—detailed the discovery of the chips and the government’s investigation. One of those officials and two people inside AWS provided extensive information on how the attack played out at Elemental and Amazon; the official and one of the insiders also described Amazon’s cooperation with the government investigation. In addition to the three Apple insiders, four of the six U.S. officials confirmed that Apple was a victim. In all, 17 people confirmed the manipulation of Supermicro’s hardware and other elements of the attacks. The sources were granted anonymity because of the sensitive, and in some cases classified, nature of the information."
It is entirely likely that the companies affected were directed by the IC agencies working on this not to discuss or reveal their knowledge of the hack. Often in intelligence operations it is important and useful to not alert your adversary that you are aware of their intrusions until you are fully ready to take action against them, or have fully removed the danger.
I don't see any reason to take the companies' categorical denials as evidence that this did not happen or that they were not targeted. Those statements are what one would expect in a national security incident and investigation of this magnitude, with such serious implications.