>You don't get this kind of attack because you had an exposed FTP server
This kind of attack needs an entry point, and an exposed FTP server provides the potential for one. Whether it actually was the entry point is a separate matter; willfully ignoring one unlocked door means there's likely to be others.
Initial access is part of the day-to-day these days.
You can't cover all entry points; it's a matter of time for someone to make a mistake. The fact that the adversary showed these extreme levels of proficiency and dedication tells me that the vast majority of companies would have fallen for that. In fact, the backdoor was running for months on targets like Microsoft, gov agencies, and security companies like Malwarebytes.
These companies know a thing or two about security.
Today we work with an "assume breach" mentality that assumes you are already compromised.