A supply chain attacks where the vector relies on #dns spoofing and #dnnsec is of no use:
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/
I suppose the whole idea of "trusting" some random #resolver (from your ISP or not) was never a good idea.
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks.
Pontiff Fractal Tiam