Maybe the real target was some application that was using this component through the CDN. If you take over the CDN, youn can inject your code into the application and maybe steal something valuable.

That's the only reason I could think of for doing this, but I saw zero evidence that it was done that way. Baffling!