I listened to the report on this article on my way to work. I had the exact same thought as you. I was annoyed that they kept it so general, but it makes sense from the perspective of keeping the target in the dark on the methods used.
I will add, I've undergone various security-focused corporate trainings over the years; once, our trainer was a retired Airman, formerly attached to the NSA.
He had one and exactly one story he was allowed to share with us, and that was incredibly vague, like the article. "We infected the target's mother's PC, when the target was fixing the machine we had an asset fake a crisis prompting the target to (stupidly) access a target machine from the mother's infected PC." As he explained, this was all he was authorized to share. The reality is there is very little they can share without prior clearance from the agency, and this is a non-trivial process.