Re: One questions seems to have been missed
For the life of me I can't see why China would be that fussed about getting access to what TV show is being played on a random four letter TV station.
Well, FEDRAMP is hosted largely on AWS, so that isn't exactly a random four letter TV station, it's the primary access point for civilian US federal agencies cloud presence.
As for bloke on the street targeting, I know a number of peers, as well as myself who could be targeted, due to the PRC hack of OPM and the downloading of our security clearance investigation files.
One upside of that is, now, we can get a security clearance in China.
From the course views of chip locations and traces, it's probable these are CMOS wedge devices, pre-pre-execution environment for the BMC, root kitting it at a hardware level, before the BMC CMOS gets loaded. That bypasses checksums, signing, etc.