I'm not sure where you got that idea. The article describes a tiny microcontroller, attached to the read pins of the BMC's boot flash, flipping a few bits in transit from the flash ROM to the BMC SoC as the BMC boots. This is not only practically possible, it's very similar to the technique used to hack the original Xbox and by many console mod chips. And is sufficient to boot the BMC in a vulnerable state for the next chain of an attack.
Nothing about the exploit claimed in the article was impossible or even novel.
That said, I'm not aware of any physical boards found to have the compromised hardware outside of those Bloomberg claim to have witnessed.