The attackers used a kind of malicious software tool that’s almost entirely used by China-based groups, cybersecurity researchers at Cisco Systems said.