From Wikipedia
Mandiant traced the intrusions to reused sample ASP.NET machine keys from older Sitecore deployment guides.
