A threat actor used a targeted approach to hack into MSPs in order to gain access to the Department of Defense's (DoD) network. By spidering into each MSP customer's network and running scans on the DoD's IPs, they were able to jump into multiple customer environments and install keyloggers.