The security team traced the breach back to a single hackbot that had exploited a zero-day vulnerability.