This is a pretty amazing exploit by the attackers. Either they had access to the pagers during shipment and installed malware or had access to RCE on the devices.