An Attack or a Screwup?
There's no way to really know, but it sounds like a typical situation where someone (maybe working from home and connected via VPN?) checked one of their email accounts and opened an attachment that seemed to be from a supplier... maybe Newlabel.img to see if the new labels looked good, or maybe proforma invoice.zip (proforma invoice.exe), Enquiry.lzh, New Purchase - June.zip (New Purchase - June.bat), VALIDATE HERE.html, awb_1446275724_invoice-receipt.xlsm ... etc., etc. - these are just the ones I've received (and deleted) since lunchtime.
If you are connected to the internet in any way then you have the potential to be under attack. Everything flowing through the internet must be checked and quarantined if there is even the slightest possibility of infection.