Supply chain attack is emerging type of threat that is extremely hard to detect and yet is capable to bring very devastating consequences. History shows that those attacks may stay silent in infrastructure of software provider for a long time while waiting for a moment to activate and perform worm-like malware outbreak trough software updates. At the same time, those attacks may remain undetected in a plain sight of millions of installations worldwide while targeting only highly desired victims. It was demonstrated this year when we were able to uncover a number of supply chain attacks that later got known as “Operation ShadowHammer”. In this presentation we would like to give an overview and technical details of the latest and most prevalent supply chain attacks in Asia region that are allegedly linked all together with malicious actor who is known to perform supply chain attacks for over then a decade. In this presentation, we will share the following: 1) We will give an overview and share technical nuances of ShadowPad, CCleaner, Operation ShadowHammer incidents. 2) We will discuss the actor who is allegedly behind all of those attacks 3) We will share challenges and principles in detection of supply chain attacks