Really it's crazy this isn't more common, which means it probably will become more common at some point.

They didn't do anything crazy. Once they had a target, they look up an office on Google Maps. Find the nearest businesses that pop up on the map or Street View. Search dark web for access brokers offering access to any of those nearby businesses. Access neighbor network, priv-esc, take over WiFi card mgmt, and plug in some creds that were already confirmed via cred stuffing (too many vendors DO effectively distinguish between failed and successful authentications on the user-facing side... this technique demonstrates the very problem with that approach!).

Voila, you are on the target network, authenticated, and on the trusted side. None of that is particularly high effort, requiring APT resources. That's terrifying.