Yes, firmware compromise is a rather scary business.
Worse than Macs, I wonder whats been done to Windows and Android machines.
stay tuned, I suspect we will find out as the Vault is explored
Many (not all) Windows computers include a built-in totally opaque proprietary system called Intel Management Engine/Intel Active Management Technology that facilitates remote management in corporate environments. IME/AMT has its own processor that has access to all the computer’s hardware at all times (unless the power and battery are physically disconnected). This includes the network connections and hard drives. It can do things invisibly to the operating system, and also interact with the operating system. What backdoors it may present and to whom are impossible to know.
If it is present on the computer then it is virtually impossible to disabled or remove. The BIOS setting to disable it only turns off the ability to change the configuration, and removing it without rendering the computer inoperable has only been achieved on a couple of models of computer.
AMD makes an equivalent technology.