the infection at Creech was - allegedly - a keylogger normally found on PC networks and was normally used for obtaining user names / passwords for gaming accounts. However it could equally be used for capturing command keystrokes.
I can quite easily see how a few hours keystroke records could divulge enough information for a third party to at least disrupt control of a UAV
That doesn't explain how to break into the system itself though - that all depends on just how exposed to the world wide interweb the command and control system is.
But essentially, to anyone with the required skill, if its connected, its accessible.
What you have to understand is that virus / malware writing is not nowadays the hobby of a few spotty teens in their bedrooms. Its big business. A typical Russian post-doctorate computer scientist can earn more money writing malware for the Russian mafia than he can in industry. For someone like that, the malware industry is a real genuine career option