Probably much bigger. It's naive to assume Supermicro was the only vendor compromised in this way. Similar implants probably exist in equipment from every major vendor of information-processing equipment. Routers, mobile network equipment, you name it.

This is the leverage you give another nation-state when you let them control your supply chain.