As we hear about the pagers in Lebanon that injured more than 2,700 people today, a reminder that one of the things that came out of the Ed Snowden leaks is that the NSA intercepts packages en route to customers to install malware and surveillance devices.
So, i started working for Cisco shortly after this went down, and it actually changed basically everything about their global supply chain. Anywhere that devices which would be provided to customers were at rest were blanketed by cameras and literally all procurement shipping was changed to overnight (or first overnight for anything near a warehouse) to try to make it functionally impossible to execute the same attack again.
Talk shit about their products all you want, but they were unironically angry about this issue and in classic Cisco fashion threw money at the problem until it went away.
I suspect there's still ample opportunity for the NSA/etc (indeed any state actor) to interfere with shipping at almost any point and have disclosure that it happened be a crime.