No, but the patience is quite amazing which makes me think it is someone who is employed to do this either by an intelligence agency or by a major ransomware company.
I think the undersold part with the patience/timeline taking years is that “Jia” surely has more identities and scams in play.
Everyone making products used as supply chain components for someone else should be looking at the timeline and considering which of their developers might match the same pattern.
I do not believe that “Jia” had only one iron in the fire.
I wouldn't make a Pikachu face if it was proven to be a major actor.
But the "amazing patience" is not at all unusual among people who work on open source projects for fun, right?
And what would the payday have been for a single individual who managed to get this backdoor deployed in all major distributions? How much is something like that worth on the black market? Tens of millions of dollars?
Everyone making products used as supply chain components for someone else should be looking at the timeline and considering which of their developers might match the same pattern.
I do not believe that “Jia” had only one iron in the fire.