Attacker used a CVE in SaltStack master to gain access to LineageOS servers