This post on Bloomberg caught my eye:
One of the biggest distributors of IT technology is now owned by a Chinese company. For some companies this could be a major problem if you are concerned about the integrity of the supply chain and the ability of foreign governments to access your assets before they arrive on your premises.
Its becoming more common to install backdoors and eavesdropping tools to the ROMs which are very vulnerable AND hard to detect.
Related: Vendors need to do more about hardening the manufacture of their devices to maintain integrity in the face of supply chain attacks.