The reality probably isn't far off... I know in the past the "breaches of critical infrastructure" breathlessly reported by the media have actually just been wide-open SNMPv2 services using the default community string. I'm sure something similar happened here. Turns out you can just connect to port 161, press "power off," and be reported in the news as an "advanced persistent threat actor"