first they used open and vulnerable networks of universities and hotels to attack, extract and publish
"An Internet Protocol address the malware used to communicate with the hackers was also located at a university in Thailand, this person said. Hackers often take advantage of open university networks in initiating attacks. Katie Roberts, a spokeswoman for Starwood Hotels & Resorts Worldwide Inc. (HOT), which owns the St. Regis Bangkok, didn’t respond to emails seeking comment.
If the hackers were indeed at the St. Regis Hotel in Bangkok, they were essentially hiding in plain sight by using a busy wireless network available to hundreds of guests.
this also says something about the security of the networks they are offering their clients if hackers can get inside and out and abuse it at their own will
secondly after they have penetrated the network and after they have extracted the information (just look at the dates of the different packages they are leaking) they have decided to destroy as much as possible and they have launched that attack real fast
"Kurt Baumgartner, principal security researcher at Kaspersky Lab in Denver, Colorado, also found similarities. As in South Korea, the destructive programs were compiled less than 48 hours before the attack, he said. In both instances, the hackers also defaced websites with skeleton images and vaguely political messages
this means that your incident response team should have the resources and the instruments and the authority to intervene immediately on the whole of the network if such a 'wiperattack' is happening and doesn't have to wait for other people to begin to understand what is happening and holding on to some authority while the whole network is just disappearing at an ever increasing rate
get a snort in your network