The cyber researchers described the breach as a supply chain attack, in which the hack could enable attacks on downstream entities. The malicious software, which has since been removed, could have given hackers access to a computer's data including access credentials, which can then be used to carry out additional data theft or other kinds of attacks.