This article in Wired.com about the SolarWinds hack, the aftermath (still ongoing, BTW), and the forensics is pretty sobering.
This should scare the bejeezus out of any cybersecurity professional…and any business that uses IT as a critical enabler (which is every business).
https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/amp
Long read, but excellent case study.