The five years since the SolarWinds disclosure have served as an extended public study of nation-state supply chain tradecraft. The original campaign forced both defenders and adversaries to update their models. Defenders learned that their trust assumptions about software updates were dangerously generous. Adversaries learned that the operational pattern they had refined was now publicly understood, and they had to evolve.
This post traces the evolution visible across 2025 and the first quarter of 2026, drawing on government attribution reports, industry threat intelligence, and the patterns visible in disclosed nation-state-linked supply chain operations.
What has changed since SolarWinds
The original SolarWinds campaign demonstrated several capabilities that have since become baseline expectations in nation-state supply chain operations: long dwell time inside a vendor's build environment, deep integration of the malicious code into the legitimate build artifact, careful selection of victim subset to avoid noisy collateral, and use of legitimate distribution infrastructure for the payload.
Five years later, several aspects of the tradecraft have moved.
Build environment dwell time has gotten harder to sustain because vendors have invested in build integrity controls, and the public operator footprint has shifted accordingly. Operators now spend more effort on lower-friction entry points: maintainer accounts on open-source projects, CI/CD components that vendors consume rather than maintain, and third-party tooling that vendors integrate without deeply scrutinizing.
Targeting precision has increased. Operators now invest more in selectors that identify specific intended victims among the broader pool of consumers of a compromised component. The selectors are increasingly sophisticated, sometimes involving cloud metadata, network identifiers, or process-tree characteristics specific to the target environment.
Payload patience has grown. Several confirmed 2025 nation-state supply chain operations involved code that sat dormant for months after being deployed, awaiting specific environmental triggers before activating. The operational tempo of these campaigns is closer to intelligence collection than to traditional malware deployment.
Cleanup discipline has improved. When operations are detected, the post-detection cleanup is more thorough. Persistence in non-supply-chain pathways often outlasts the original supply chain foothold, and the supply chain entry point is sometimes deliberately abandoned to draw defender attention away from the broader operation.
Recurring operational signatures
Several operational signatures recur across attributed nation-state supply chain operations in the 2025 to 2026 period.
Long-dormant infrastructure is heavily used. Domains, certificates, and service accounts created years before an operation are activated for the operation, then retired immediately afterward. The pre-positioning makes contemporaneous threat intelligence less useful.
Living-off-trusted-software is preferred. Rather than introducing new tooling, operators use the legitimate functionality of compromised vendor products to perform operations within victim environments. This reduces the malware-detection signal substantially.
Operational compartmentalization is strict. Different teams within the same operator handle different stages, with limited cross-stage visibility. Detection of one stage rarely cascades to disclosure of another.
Cover infrastructure mimics legitimate vendor patterns. Outbound connections from compromised assets blend in with the legitimate connection patterns of the affected vendor's products. Network defenders looking for anomalies need detailed baselines of normal vendor product behavior.
Use of intermediate victims is common. Rather than targeting the ultimate intended victim directly, operators move through one or more intermediate organizations whose compromise is incidental to the broader objective. This complicates attribution and slows defender response.
Open-source as nation-state surface
The xz Utils incident in 2024 was a significant moment because it demonstrated nation-state-level patience and execution against a critical open-source project rather than a commercial vendor. The 2025 record contains additional cases where attribution to nation-state-linked operators is publicly assessed with varying levels of confidence.
The pattern that emerges is that open-source projects that are critical infrastructure but resourcing-poor are an attractive surface for operators willing to invest in long-running personas. The investment is real (months to years of relationship building, careful contribution patterns, sometimes social engineering across multiple maintainer relationships), but the payoff justifies it for high-value objectives.
Several aspects of the 2025 incidents suggest deliberate operational discipline. Persona accounts maintained consistent contribution patterns. Communication with maintainer communities followed culturally appropriate patterns. The malicious changes, when they appeared, were designed to survive casual review by experienced reviewers.
Defensive responses have included foundation-level investment in maintainer support, contributor verification initiatives, and behavior tracking across projects. Coverage is uneven and the gap between high-profile critical projects and the long tail remains substantial.
Build environment compromise patterns
Direct compromise of vendor build environments, as in the original SolarWinds case, has become harder but not impossible. Several confirmed 2025 cases show that nation-state operators continue to invest in this approach when the target justifies it.
The patterns that succeed in 2025 differ from 2020. Operators now target build environments through compromised tooling rather than through direct credential theft, because the tooling has often not been hardened to the same standard as the keys. A compromised observability agent, IDE plugin, or developer machine management tool can yield build-environment access without triggering the controls that protect the build pipeline itself.
Once inside, operators favor minimal modification of the build process. Rather than inserting new build steps, they alter the inputs to existing steps. Because the build itself is untouched, the resulting artifact still passes integrity checks computed against the inputs as they now stand; nothing in such a check reveals that the inputs are no longer authentic.
Detection of these compromises requires either reproducible build verification (rebuilding from public source and comparing) or out-of-band integrity monitoring (verifying that the build environment itself matches known-good configuration). Both are mature capabilities at well-resourced vendors and rare elsewhere.
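As an added illustration of the two checks described here (not code from the original post or from any vendor), the Python below uses a constructed two-file source tree and a deterministic toy build step in place of a real compiler: a digest manifest pinned out-of-band before the build catches the altered input, an independent rebuild fails to reproduce the shipped artifact, while a manifest taken from the inputs as they now stand sees nothing wrong.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample source tree standing in for a vendor's build inputs (not a real project).
PRISTINE = {"src/main.c": b"int main(void){return 0;}\n", "deps/lock.txt": b"libfoo 1.2.3\n"}

def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def write_tree(root: Path, files: dict) -> None:
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)

def input_manifest(root: Path) -> dict:
    """Digest of every file under root keyed by relative path; pin this out-of-band before building."""
    return {p.relative_to(root).as_posix(): sha256_bytes(p.read_bytes())
            for p in sorted(root.rglob("*")) if p.is_file()}

def input_drift(root: Path, pinned: dict) -> dict:
    """Out-of-band check: compare the current inputs with digests pinned before the build ran."""
    current = input_manifest(root)
    drift = {rel: "modified" for rel in pinned if rel in current and current[rel] != pinned[rel]}
    drift.update({rel: "missing" for rel in pinned if rel not in current})
    drift.update({rel: "unexpected" for rel in current if rel not in pinned})
    return drift

def toy_build(root: Path) -> bytes:
    """Deterministic stand-in for the real build step: the output depends on the inputs only."""
    return b"".join(f"{rel}\n".encode() + (root / rel).read_bytes() for rel in sorted(input_manifest(root)))

def demo() -> dict:
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        vendor, rebuild = Path(a), Path(b)
        write_tree(vendor, PRISTINE)
        pinned = input_manifest(vendor)        # pinned before anyone touches the inputs
        write_tree(rebuild, PRISTINE)          # independent rebuild from the public source
        # An existing input is altered; no build step is added or removed.
        (vendor / "deps/lock.txt").write_bytes(b"libfoo 1.2.3-tampered\n")
        shipped = toy_build(vendor)
        return {
            # A manifest computed from the inputs as they now stand sees nothing wrong.
            "in_band_check_passes": input_drift(vendor, input_manifest(vendor)) == {},
            # The manifest pinned beforehand flags exactly the altered file.
            "drift_detected": input_drift(vendor, pinned) == {"deps/lock.txt": "modified"},
            # The independent rebuild does not reproduce the shipped artifact.
            "reproducible": sha256_bytes(toy_build(rebuild)) == sha256_bytes(shipped),
        }
```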
Defender adaptations
The defender community has adapted in several ways since SolarWinds.
SBOM expectations have hardened. Major buyers of software now expect SBOMs as part of procurement, and the SBOMs are increasingly checked rather than filed. The signal-to-noise ratio of SBOMs has improved.
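An added example (not from the original post; the component names and the advisory list are constructed, not real packages or advisories) of what checking a CycloneDX SBOM rather than filing it can mean in practice: matching each component's purl against known-affected versions and flagging components whose provenance fields are missing.

```python
import json

# Constructed CycloneDX 1.5 SBOM fragment; the component names are invented, not real packages.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-widget", "version": "1.4.2",
     "purl": "pkg:npm/example-widget@1.4.2",
     "hashes": [{"alg": "SHA-256", "content": "<constructed digest>"}]},
    {"type": "library", "name": "example-widget", "version": "1.5.0",
     "purl": "pkg:npm/example-widget@1.5.0?vcs_url=git%2Bhttps://example.test/w.git",
     "hashes": [{"alg": "SHA-256", "content": "<constructed digest>"}]},
    {"type": "library", "name": "legacy-util", "version": "0.9.1"}
  ]
}"""

# Constructed advisory feed (not a real advisory): version-less purl -> set of affected versions.
AFFECTED = {"pkg:npm/example-widget": {"1.4.2", "1.4.3"}}

def split_purl(purl: str) -> tuple:
    """Strip qualifiers (?...) and subpath (#...), then split off the version.
    Namespaces encode '@' as %40, so the last '@' is always the version separator."""
    base = purl.split("#", 1)[0].split("?", 1)[0]
    if "@" not in base:
        return base, None
    name, _, version = base.rpartition("@")
    return name, version

def check_sbom(sbom_text: str, affected: dict) -> list:
    """Return sorted (component, finding) pairs: advisory hits and provenance gaps."""
    findings = []
    for c in json.loads(sbom_text).get("components", []):
        label = f"{c.get('name')}@{c.get('version')}"
        purl = c.get("purl")
        # A component with no purl or no hashes cannot be tied to a verifiable origin.
        if not purl or not c.get("hashes"):
            findings.append((label, "provenance gap: no purl or no hashes"))
        if purl:
            base, version = split_purl(purl)
            if version in affected.get(base, set()):
                findings.append((label, f"affected version listed for {base}"))
    return sorted(findings)
```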
Government acquisition policies have moved. Multiple governments now require attestations about software supply chain controls for vendors selling into critical infrastructure. The attestations themselves vary in rigor, but the existence of the requirement has driven structural changes at vendors.
Threat intelligence sharing has matured. The mechanisms by which evidence of nation-state supply chain operations is shared across affected organizations are faster and more concrete than they were in 2020. Cross-organization detection of campaign infrastructure is increasingly real-time.
Cross-vendor coordination on response has improved. When a nation-state supply chain operation is detected, the affected vendors now generally coordinate disclosure timing, share technical indicators, and align customer notifications. The coordination is imperfect but visibly better than the early SolarWinds period.
What this implies for 2026
The trajectory suggests several implications for the rest of 2026 and beyond.
Nation-state operators will continue to find paths through the supply chain because the asymmetry favors them: investment in long-running operations is feasible for them and impractical for most defenders. The defensive game is not to prevent every operation but to detect them faster and limit blast radius.
The most exposed surface is no longer the largest commercial vendors, who have invested heavily in supply chain controls since 2020. The most exposed surface is mid-sized vendors and critical open-source projects, where investment has lagged.
The defensive pattern that scales is structural rather than reactive. Reproducible builds, provenance attestations, hardware-backed signing, and continuous SBOM management raise the cost of all operator categories simultaneously, including nation-state ones, without requiring defenders to identify specific operations in advance.
How Safeguard helps
Safeguard tracks supply chain risk signals across the dependency, vendor, and build infrastructure of customer products, surfacing the indicators most relevant to nation-state-style operations: provenance gaps, unusual contributor activity in critical open-source dependencies, build environment configuration drift, and known compromise history for each component. When threat intelligence about a nation-state supply chain operation becomes available, Safeguard identifies every affected component currently in customer environments and routes structured response plans directly to responsible teams. Policy gates can require provenance attestations and reproducible build verification for components in regulated or high-value products. For organizations operating in environments where nation-state supply chain risk is real rather than theoretical, this turns an opaque adversary problem into a tracked operational surface with measurable controls.