The hackers breached the company’s network and used one of its code-signing certificate (an older and expired one mind you) to digitally sign a piece of malware and package it as an update for the Opera browser.
While it is not entirely clear what happened, it would appear as though the bad guys went as far as pushing the update for a 36-minute period, meaning they had access to Opera’s infrastructure during that time.
The malicious file followed the same naming convention as the legitimate Opera auto update files but was much smaller:
