Deep impact: States and software supply chain attacks
By
Trey Herr, June Lee, Will Loomis, and Stewart Scott
States have used software supply chain attacks to great effect. Hijacked updates have routinely delivered the most crippling state-backed attacks, thanks in part to a continued failure to secure the code-signing process.