I haven't been following this story very closely. Was each and every organization individually targeted after the SolarWinds compromise was in place, or was it sort of opportunistic and automated, where the SolarWinds compromise phoned home and most of the 250 orgs just got automated/scripted escalation and exfiltration, and only a few orgs got personal attention?
Something like 18,000 orgs got compromised IIRC, but the 250 are the ones where they chose to actually activate secondary payloads. So 250 got personal attention.
