As in the SolarWinds attack, the PHP hackers targeted the code base of a widely used library so that the changes they made would impact instances of the software run by end users.