The long-term plan to gain access, and the backdoor’s careful design have experts agreeing that “Jia Tan” was probably not a lone wolf. Security researcher Costin Raiu tells Wired the XZ Utils attack is far more “cunning” than anything he’d seen previously. Others have looked into when Tan submitted their code. Most uploads were linked to China’s time zone, while several were (perhaps accidentally) in the Middle East or Eastern Europe, and they continued working on notable Chinese holidays.