Well that was clickbait, sorry. Xz is not part of the kernel, it only reached bleeding edge releases, not the masses, it affected ssh server logins and because it was opensource it got tracked down fast.
And of course its a wakeup call, on how far and how long someone or some entity is willing to go, this took a lot of time and effort to complete, first delivering bug fixes and getting known by the community, then slowly with little incremental changes over a long time setting it up, and that is the scary part. Imagine that much or more effort happening at a ms or some anti cheat rootkit developer.
The fact it was opensource helped tracking it down quite a lot.