Why oops, at least in relation to the parent's comment? The process, while perhaps complicated to detect, is not particularly complicated to design from scratch. The technique as described in OP's post could probably be designed by a single individual in a day.
Just from the target I'd suspect it is not someone doing it for the lulz, but I didn't see anything in OP's quote that indicates that it must be a nation state.
This is the danger of these kinds of write-ups; people will look at them and go "oh, that's simple, anyone could do that". It's a great example of the cognitive bias called the curse of knowledge.
Edit: a quick counterfactual here. If this is so easy and so valuable, why is it so rare?
Because there is so much more than what the OP quoted. I was disagreeing that you could characterize what OP quoted as being indicative of a nation state. There was far more to this hack than that.
> The technique as described in OP's post could probably be designed by a single individual in a day.
Designed, as in back-of-the-envelope chicken scratching? Sure. You can reduce almost any exploit to "compromise system or org, leverage compromise to go after another system or org" and any stealth measures reduce to something like "hide your own efforts among legitimate signals, and use cutouts to make them harder to trace back".
I'm not sure what you think counts as "sophistication", but thinking up the specifics of multiple stages, and executing each stage without errors that would expose the other stages to detection isn't easy, and takes time and patience by many people with diverse skills working in concert.
Sure, each specific link in the chain may not look difficult, but those were just the solutions that worked in isolation when tried in whatever testing environment(s) the threat actor operates (not to mention funding the "blue team" that operates it, because you don't want your unsuccessful attempts to tip your hand), and then deployed in sequence.
Or were you under the impression that this whole effort was created de novo and worked (correctly, might I add) without being detected the very first time each component was tried?