Explore the evolution and impact of Chinese Advanced Persistent Threats (APTs) in software supply chain attacks through this comprehensive conference talk from BSidesLV 2022. Delve into notable incidents such as Operation Aurora, NotPetya, and ShadowHammer, examining their code breakdowns and attack methodologies. Investigate the exploitation of open-source software and the SonarQube breach. Analyze high-profile cases like SolarWinds, Dependency Confusion, XcodeSpy, and Kaseya VSA, along with other significant attacks from 2017 to 2020. Gain valuable insights into the abuse of trust, attack patterns, and essential takeaways for defending against these sophisticated threats in the software supply chain ecosystem.