[A video QA scan of that hacked board, something every manufacturer does, would red flag that board immediately. I could spot it with my bare eye as something not designed to be on the board even if they had not put a red circle around it.]
QA is done not just by the manufacturer/assembler, nut also by the designer/customers as well. As I wrote on the original thread when Bloombergs article came out with its accusation about a specific line of server logicboards imported and sold by a California company, they had designed and engineered them from scratch, and every board was QAd in California on arrival to their reference boards, and tested completely before shipping to the companies that made servers. Those companies also did QA checks. Amazon, through its AWS due diligence, was a customer of one of the server makers as was Apple, and they BOTH did QA on them. In fact, Amazon wound up BUYING both companies! They stated then that there was no way a spurious chip could have been snuck onto the motherboards and been overlooked by their QA. The NSA looked into these reports and found nothing.
Bloomberg itself did NOT publish any photos of an in situ chip on a motherboard, instead accepted their sources word. They cited "experts" saying "if this was done, heres how it could be done" quotations. . . But no one was willing to say it was done.