> he was convinced that it was very unlikely to be limited to Supermicro hardware

Yep. This was why there was a significant movement around mandating Hardware BOMs in both US and EU procurement in the early 2020s.

Also, the time period that the Bloomberg story took place was the late 2000s and early 2010s, when hardware supply chain security was much less mature.