Or very untargeted. Something intended just to lay dormant by chance if succeeded...

It is very good backdoor to have if you at whatever time have dozens of options. See sshd running, test this you are done if it works, if not move to something else.

Or targeted not really at doing anything but at researching the nature of supply chain vulnerabilities themselves.

This doesn't look like a research.

This looks like state sponsored attack. Imagine having a backdoor that you can just go to any Linux server and with your key you can make it execute any code you wish without any audit trail. And no one without the key can do it, so even if your citizens use such vulnerable system other states won't be able to use your backdoor.

Spending two years actually maintaining an open source project that you will later backdoor is a very expensive way to perform such research.

Untargeted (backdoor goes almost everywhere), but very selective (backdoor can only be triggered by the original attacker).

https://en.wikipedia.org/wiki/NOBUS