Its not that.

I would bet a large sum of money that Mythos was put on the same local network as the "systems" (ie you have access to services like UPnP brokers that never meant for outside internet), and the "broke into" is just a blanket term for finding some bug which can range from simply crashing the program, to actual remote code execution. And its probably mostly the former. It used to be that cyber security research was all about finding ways to crash the program, which then implied that you can inject shell code, so the two became synonymous for vulnerability, but these days its very much not the case.