The recently identified threat actor uses public registries for distribution and has expanded capabilities to disrupt the software supply chain.