I didn't think this was possible, but hackers had enough access to upload a backdoor .php file to various websites hosted via OpenLiteSpeed.
They exploited some WordPress vulnerability and uploaded a .php file somewhere containing a backdoor.
This file was a backdoor that allowed you to...