Gained persistent access to internal bank network
“gaining persistent access to an internal banking network for a long period of time”
What's needed is some kind of device at the border that will monitor and block connects to unknown destination IP addresses, something like a firewall (1994). With a second device that would trip an alarm on detecting suspicious activity, something like a tripwire (1997).
'The attachment we detected in this new wave is a “Microsoft Compiled HTML Help” file'