Huawei may have made the headlines, but pray tell, how does one source electronics that hasn't had "Made in China" involved in the process at some stage?
There are a few chip fabs outside e.g. Intel in Malaysia, but getting an assembled system of any sort without a Chinese manufacturer involved at some stage is especially difficult.
Our cyber sec ops centre opened added a teleconferencing facility a couple years ago; and within 30 seconds of the cameras being installed we detected the cameras pinging their presence back to China.
Basically, assume your IT is compromised regardless of supply chain and work up from there.