Hackers first compromised a different software maker and embedded malware in one of its programs. 3CX got compromised when a worker downloaded that program. It's not known why worker downloaded it.