Karen Lawrence Öqvist
Sunburst was an ingenious phishing attack.
Humans are always the weakest link in any cybersecurity program... and who could have been prepared for this kind of phishing attack? Extremely difficult.
Would it have happened on a Machintosh, unlikely, although still possible if the user provides the Admin password to the system, which is not normal for a Mac update.
I'm not an except on this but I guess that the OS vendors need to build some integrity verification using some kind of crypto hashes on all updates, e.g. DRM type approach.