Yes read about it. It's once again a smart but not sophisticated attack at all. What's interesting, is that they pulled this off without any insider help, the malware did all of the work. They didn't even use zero days, so patching would have already helped. But anti-executable, sandboxing and behavior blocking would also easily have stopped this attack. Here is more info about a similar attack: http://www.group-ib.com/brochures/gib-buhtrap-report.pdf
As well as common sense "do not fall for phising emails" and regular updating of MS software. BTW, thanks for the link to the detailed info on these attacks.
Yes, that's what I tried to explain in some other thread. At least 98% of the attacks that I read about can all be easily stopped, with both security tools and security awareness training. These hackers are not using magic, but known attack techniques.