The general course of the attack was pretty standard. There was a root privilege escalation on one of our platforms which permitted exposure of credentials that were then used to access machines with externally-facing SSH. Our network partitioning prevented escalation to other zones of our network.
They’ve documented the experience as well as the steps they took to resolve the issue and prevent it from happening again. It’s well worth a read for those who may have to deal with things like this in the future (or for those who have had to deal with them in the past).