The NSA has never done something on this scale. With sec researchers looking at _everything_ right now it would have been uncovered by now. The major point in this story wasn't a hardware hack, it was a hardware hack on a MASSIVE scale, a scale that would have to be treated as an act of war against the _rest of the world_.
If this article were true it would have been the first public volley in WWIII.
The number of implants doesn't need to be that great. If you are already tapped into Supermicro's supply chain and ordering system, then you can already figure out when a bulk of servers passing through manufacturing are going out to a certain customer. Bribe someone or have an agent on the floor slip in the implant during assembly. Maybe the gerber files for the boards already have the necessary pads built-in for debug, maybe someone is swapping in modified gerbers. Maybe the implant is installed totally after hours when the boards are already built or when they are on their way to the final assembly facility.
Spy work happens all the time; it's a normal state of affairs. One country or company stealing secrets from another country or company happened today, whether or not the Bloomberg report holds water.
It's only the first volley in WWIII if world militaries choose to escalate in response.
The NSA works with the advantages they have, and likewise for China. For example, PRISM involves tapping communications within American service providers like Google and Facebook, which is an advantage to the NSA because these are American companies that are subject to US law, FISA warrants, etc, and yet foreign adversaries still use these services. China's advantage is manufacturing--the manufacturing is in China, within the control of the Chinese government, and yet the manufactured hardware is still exported to China's foreign adversaries--and the way to exploit that is to do something exactly like what Bloomberg is reporting.
If this article were true it would have been the first public volley in WWIII.