Wasn’t there also this backdoor in the BSD IP stack open since the 90s for about 10 years?
I agree with Snowden. It's likely not a hack. It is more likely a supply chain attack. Govs (including the US) have been implanting targeted bugs and trackers in modems/routers and the like both locally, and before sending them overseas to world leaders etc. for years. Supply chain attacks are nothing new. However, I need more data on these specific attacks before I can say anything beyond that.
https://www.cnet.com/news/privacy/cia-reportedly-hacked-wi-fi-routers-for-years-wikileaks/
Discussion
There have been allegations, but no concrete evidence afaik. Gregory Perry, (former NETSEC CTO) sent an email to Theo de Raadt, the BSD project leader alleging that NETSEC developers had helped the FBI insert "a number of backdoors" into the OpenBSD IPSEC implementation. No evidence was publicly confirmed to the best if my knowledge, and open source being what it is, there are lots of eyes on the BSD codebase.