Does what is stated in the last paragraph sound familiar? http://www.securityweek.com/espionage-attack-uses-scripts-data-exfiltration