Chris Boyd, malware intelligence analyst at security firm Malwarebytes, said: “The company says that access to corporate servers was gained when a small number of employees were compromised. Whilst it’s impossible to say for sure until more detail emerges, this could be achieved as the result of a targeted ‘watering hole’ compromise or someone falling victim to spear phishing or a another form of social engineering. These types of attacks aim to get inside pre-identified targets such as companies and other high-value institutions.”