This stinks of foreign sponsorship. I can see how they could pull off the social engineering but being able to work their way around a foreign system like they did - no way.
Active directory has become an invaluable tool for ransome gangs, it not only gives them effortless root access on every system, but also documents the company structure so you can focus your resources. This isn't sophisticated at all.
