Frankly I'm amazed the cloud guys even bother with BMC
Surely AWS don't bother with a baseboard controller on their servers... i.e. go to the aggravation of allocating an IP, a subnet etc just so some lucky NOC noggin can web or SSH in once in 18 months when the server seems squirrely? I mean their volumes make this deeply unlikely - you'd need hundreds of people to monitor the server estate in that manner. I posit that AWS ask SuperMicro for custom server designs that don't even bother with the chip.
So while I can well believe the Chinese might attempt something like this, I'm also skeptical that the attack exists as described.
And of course, are we really to believe that the Chinese assumed that AWS's networks would simply allow the rogue chip to phone home for instructions? Those things must be locked up tighter than a gnat's sphincter.
To reiterate: yes I believe the Chinese state has motive, means and opportunity. And as they say on the UK cop shows I watch, they "have prior". I'm just not convinced about this particular attack.