Now that's interesting, I initially read this article using Firefox's reader mode. Turns out the article is a lot longer than presented in reader mode (8 of 21 paragraphs), hence my comment. The detail is after the part I was presented, had you not mentioned the technique used I wouldn't have known.
I understand how one would use YARA rules to identify that there's a file in VirusTotal containing secrets. What I don't get is whether there's a way for an actor to actually get the content of that file.