I think there are two points here -
1) A report from Bloomberg
The companies involved are required if the US wish, to be required to deny the story because of US legislation.
Bloomberg lacks a smoking gun in the form of a board we can see and their sources may have been got to.
2) The concept that hardware can be modified in production in China and else where
This has happend and will happen again, larger companies should be checking systems for secure proceasing at the physical and chip code levels. Smaller companies in supply chains to secure companies need to know they are a stepping stone for nation state actors to the main prize.