Imho, there's a big difference between supply chain attacks on core Cisco routers vs USB hubs.
These attacks are not easy or cheap, and by their very nature need to be deployed in small % of total installs (as every use increases the likelihood of discovery).
Criminal organizations interested in ransoming details might be interested in casting a wide net, but intelligence services less so.
These attacks are not easy or cheap, and by their very nature need to be deployed in small % of total installs (as every use increases the likelihood of discovery).
Criminal organizations interested in ransoming details might be interested in casting a wide net, but intelligence services less so.