I think this has drawn attention to the risk, whether or not it happened.
The last time compromises were built into hardware it was done by the US and depended on firmware rather than adding a separate bit of hardware, which caused less of a reaction in the west. [theregister.co.uk...]
Whether or not this happened, it could happen. Given how much they can achieve, I would be astonished if intelligence agencies are not doing this.
I read a report about the addition of a "rice size" chip added to "some" boards used on both Amazon and Apple servers about a week ago. I also read that both Apple and Amazon had responded to that report to say that they had detected and removed the offending element that was the cause of the report years ago. None of that had been made public because it had no effect on anyone or any thing using their products or service. This looks like the same kind of information from a different source. Does it have any merit? If merit = value, my view is yes, if you are aiming for clickbait, no if you are aiming for value. ;)