I wish it was that but those people would be smart enough to not use their real name when signing up - those doing supply chain attacks are often at least somewhat professional and take precautions.
I suspect it was more about going after software that was enabling piracy, those are often created by naive students who are not expecting the power of government to be unleashed on them.
> those doing supply chain attacks are often at least somewhat professional and take precautions.
Not really.
The vast majority of supply chain attacks in practice are idiots exploiting namespacing, bitflips, or typos on pypi/npm to drop miners or infostealers.
Yes, even the shit tier supply chain attacks count :)
I suspect it was more about going after software that was enabling piracy, those are often created by naive students who are not expecting the power of government to be unleashed on them.