[gnode]

Maybe this campaign was as primitive as they let on. It's likely that bringing down a terrorist group's marketing campaign didn't need or warrant a sophisticated attack, like sabotaging Iran's nuclear programme with Stuxnet did. A concerted attack effort using public knowledge techniques may have been enough.

It's in the interest of cyber-warfare actors to not expose their capabilities unnecessarily. Although efforts are taken to prevent malware from coming to the attention of enemies / rivals, or even being adopted by them or criminals, deployment always comes with that risk.