>>myster+(OP)
> Traffic from certain targeted users was selectively redirected to attacker-controlled served malicious update manifests.
I'd be curious to know if there was any pattern as to which users were targeted, but the post doesn't go into any further detail except to say it was likely a Chinese state-sponsored group.