Yup… it gets worse… 
https://www.reuters.com/article/us-cyber-solarwinds-china-idUSKBN2A22K8
While the alleged Russian hackers penetrated deep into SolarWinds network and hid a “back door” in Orion software updates which were then sent to customers, the suspected Chinese group exploited a separate bug in Orion’s code to help spread across networks they had already compromised, the sources said.
…via…
https://www.schneier.com/blog/archives/2021/02/another-solarwinds-orion-hack.html
