The attack chain begins with a phishing Microsoft Office document ... Intended victims are asked to enable macros in order to view the file's content ...

I'm amazed anybody would fall for that. Would you?