In the comments of this, the blogger notes that the malware put in place to launch the exploits was all for Windows machines. It sounds like it mostly works by getting unwitting users to click on unknown emails. It's been 15 years and we're still doing that?
Not quite 'unknown' e-mails as I would think of them - these were e-mails that appeared to be from co-workers and addressed specifically to another individual, hence spear-phishing, rather than just phishing. For all intents and purposes, it probably had all the appearances of a legit e-mail.
If I understand it, then, someone opens the initial payload, which allows malware to be downloaded, and this downloaded malware orchestrates the "spear phishing"?
I haven't seen this as I've been out of an organization for quite a while. Thanks for clarifying.
The documents and addresses used for high end spear phishing usually come from a recent previous compromise. You'll see a sender that you frequently get mail from and know personally and the document attached will be a new version of something they previously sent, or something new that person is working on that would be of particular interest. It is quite difficult to completely insulate even the smartest and most prepared organizations from persistent attacks like this - someone only has to screw up once, and people screw up a lot more than that.
I agree, that is quite a sophisticated attack and I hadn't been aware of it (even missed it after skimming the McAfee article, I guess). Thanks for clarifying.
There are plenty of non-tech-savvy people employed by the federal government/large companies. It's easy to underestimate how large a percentage it still is.