I don't see why people discard the scenario where both the sources and supermicro are right, but there's been a misunderstanding.
This could happen, for example, with a tabletop exercise. I know the military does these, so it's not unlikely the CIA does them too. The CIA dreamt up a scenario where a US company's hardware was compromised by China, and simulated their response for training. Since it's just an exercise, it obviously wasn't as secret, so employees would have probably not feared to talk about it loudly at e.g. lunch break. Someone overhears, it, runs to bloomberg and we have the situation we have now.
Not the only scenario, but something along these lines is my theory.
This could happen, for example, with a tabletop exercise. I know the military does these, so it's not unlikely the CIA does them too. The CIA dreamt up a scenario where a US company's hardware was compromised by China, and simulated their response for training. Since it's just an exercise, it obviously wasn't as secret, so employees would have probably not feared to talk about it loudly at e.g. lunch break. Someone overhears, it, runs to bloomberg and we have the situation we have now.
Not the only scenario, but something along these lines is my theory.