From what I can tell, all we know is that the attackers definitely got into their build system (since the trojan was signed), and we know they moved laterally through exploits in various Microsoft products: https://en.wikipedia.org/wiki/2020_United_States_federal_gov...