The first thing that hit my mind when I saw the topic of this post: "Oh, Renegade, you!"
As for grammar'nstuff: "Unidentified attackers have infected government agencies and organizations in 23 countries with highly advanced malware that uses low-level code to stay hidden and Twitter and Google to ensure it always has a way to receive updates." might not be elegant, but I didn't find any problem parsing it: it uses low-level code to stay hidden, and it parses tweets and g+whatevers as a C&C channel - in a very inelegant and obvious way, it seems - why don't they stega-hide the info on sites with pictures of lolcats? It's 10+ years since I had that idea, and it can't really be a very unique idea, IMHO.
Yeah, it does say the updates themselves are steganographically hidden in images (I wonder if it's real stega or just plain old EXIF or unused GIF blocks or whatever), but the content of the tweet in the picture has obvious payload.
Queued Kaspersky and CrySyS reports for later. I snickered a bit at the Ars article - "Then there's the multilayered technical agility of the malware, including its ability to dynamically scan all functions from memory instead of importing them." - as if any of that is rocket science or requires much skill to do.