> How is one person being present during an upgrade enough to render the physical machines suspect and beyond repair/review?
As soon as an unidentified attacker has unsupervised access to a piece of hardware it's game over. An exploit that uses persistence features like embedding itself into the BIOS/UEFI firmware (see e.g. https://www.coresecurity.com/core-labs/articles/the-bios-emb...) can be very hard to get rid of - so hard that it's likely easier to dispose of the machines entirely.
It’s literally the first sentence of the linked article…
Edit — I see you’ve specified unsupervised where the article specifies “unauthorized”. However, given they turned off the security cameras I think it’s kind of splitting hairs
There were other people present, making it not "unsupervised". By ignoring this distinction both you and the above commenter are spreading disinformation for what appear on the surface to be nefarious political goals.
We have no way of knowing what went down in that location. The fact that unauthorized people were present with video surveillance turned off and the machines were running for a software upgrade is enough to assume at least one could have been compromised in a matter of seconds - if only by a sleight-of-hand hidden insertion of an USB stick.
As soon as an unidentified attacker has unsupervised access to a piece of hardware it's game over. An exploit that uses persistence features like embedding itself into the BIOS/UEFI firmware (see e.g. https://www.coresecurity.com/core-labs/articles/the-bios-emb...) can be very hard to get rid of - so hard that it's likely easier to dispose of the machines entirely.