A malicious log-in occurred on an MSP's infrastructure through a customer's IP address, which turned out to not be an employee working on that day, leading to more of their customers being compromised with the same malware.