@sabi I mean, it's either someone with more time than sense to plot revenge OR some stapte-sponsored attacker...

OR because I've seen both to happen...

And yes, if you want to see #WeaponsGradeBoredom, check out #nocom:
https://infosec.space/@kkarhan/112182642849702125

@BrodieOnLinux @that_leaflet @AuntyRed
@SecureOwl if this ain't some #StateSponsored #SupplyChainAttack it was at least so methodical that it's definitely some sort of specific attack against a specific target...

I mean, I've seen weird #3Dchess in #ITsec so I'd not be surprised if this was just some #1337hax0r wanting to take revenge on an employer/client who still owed them pay...

I mean, that whole #xz #backdoor has serious #nocom vibes:

https://www.youtube.com/watch?v=elqAh3GWRpA&t=79s

#TLDW: people literally gaslit an admin with specific packet flooding into filing a specific bug report so a specific fix would be implemented that would get a #backdoor implemented in #Spigot, a popular #Minecraft #Server #Toolchain...