A series of nine malicious NuGet packages, attributed to a user named “shanhai666,” has been found capable of deploying time-delayed malware that targets industrial control systems, potentially undermining database operations. The most dangerous package, Sharp7Extend, leverages a .NET library to execute attacks on Siemens PLCs, causing application failures and write errors after specific trigger dates in 2027 and 2028. This sophisticated supply chain attack exemplifies how threat actors can exploit trust within software development environments, raising significant concerns for cybersecurity in critical infrastructure. The origins of the threat suggest a possible Chinese involvement, emphasizing the need for heightened vigilance and improved security measures within the software supply chain to protect against such stealthy intrusions.