You mean this article? Albeit the summary was poor, but it covers the firmware hacking.
And FYI, if anyone actually takes the time to read the Kaspersky report they'd catch that the infection is believed to have been done on thousands to tens of thousands of computers, NOT "most HDDs". The firmware has the capability to infect most HDDs, but most HDDs are not infected - according to the very source report itself.
Which should be obvious. Because if you're the NSA and you're writing a super-infection to use against top-level targets, the last thing you want to do is have it on every last computer in the world, increasing your likelihood of being found by many orders of magnitude. The NSA's preferred method of infection is interdiction - intercepting objects while in transit to targets, such as CDs or hard drives, infecting them, then letting them continue on their way.
Once again, the NSA doesn't give a rat's arse if you're going to the Pirate Bay to download I Am Legend. It has far more important things to worry about, like people building atomic bombs and invading other countries.