You only want to slip in as few of these implants as possible to get in. You obviously want to hit as many networks as possible but only for targets that actually make sense. Hitting a DoD network has higher value than hitting the Mormon church's streaming servers. If these implants are real, they aren't cheap and the less that are in the wild, the less chance someone will find one on accident. If the implant actually could take over the BMC firmware, that could give you access to not only the OS running on that server but everything else on the network so the actual number of implants needed for an attack on a network/datacenter are low compared to how many machines are on there.
No evidence that this alleged attack was highly-targeted, but it is pretty much SOP now, since the history of Stuxnet [1] publicly revealed the strategy. I was initially impressed the Bloomberg's story, but the longer this drags on with no independent proof, and given the one of the author's previous infosec reporting gaffe with no follow through, I've dismissed the story's veracity to a low probability.
