Hackers first compromised a different software maker and embedded malware in one of its programs. 3CX got compromised when a worker downloaded that program. It's not known why worker downloaded it.
The document, part of a cache of leaks recently circulated on the internet, suggests the hackers had the ability to cause an explosion and sought instruction from the FSB.