Not again ...
Adversaries masquerading as another government department is an interesting departure, but (as usual) what we haven't been told is what the primary vector was -- e.g. how did the get into the position to be able to masquerade?
I'm becoming convinced that most of these massive breaches are actually pretty trivial to initiate, which reflects badly on the general infosec stance of the victims. We urgently need to beef up our pre-emptive defences, as opposed to continuing in the reactive mode in which infosec still largely seems to be stuck.