Qakbot Malware - Security Advisory from Cyber Security Ontario

Periodically, advisories come from the Cyber Security Ontario initiative regarding threats that have been identified. This particular incident was handled by The Canadian Centre for Cyber Security. The incident appeared to be isolated and targeted.

The compromise started with an email instructing users to click on a URL to download a malicious Excel file. Once the file was downloaded, anyone who opened it was prompted to enable macros, and for anyone who complied, the Qakbot payload was delivered to their machine. With the initial payload delivered, further compromise of the computer was possible using other tools.

It is imperative that your staff be aware of the risks presented by email and other modern attack vectors. This particular attack had 3 interactive steps that had to be followed before it was successful, meaning that there were 3 opportunities to question and prevent it. There is serious risk in downloading Microsoft Office documents from untrusted sources, and any file that asks you to enable macros should be treated as suspect immediately.
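The macro prompt is the last of those steps, and a mail or download gateway can flag macro-capable Office files before a user ever sees it. The sketch below is an added example, not part of the advisory: the function names and sample files are constructed here, and it detects macro containers in general rather than Qakbot specifically.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .xls/.doc compound file

def macro_indicators(data: bytes) -> list:
    """Return the reasons a downloaded Office file looks macro-bearing."""
    reasons = []
    if data.startswith(OLE2_MAGIC):
        # Legacy binary formats can always carry macros; treat as unverified.
        reasons.append("legacy OLE2 format: macros cannot be ruled out")
        # Stream names in the OLE directory are UTF-16LE; this is a heuristic match.
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            reasons.append("VBA project stream")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        # Modern .xlsx/.xlsm files are ZIP packages; inspect the part names.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            reasons.append("VBA project (vbaProject.bin)")
        if any("/macrosheets/" in n for n in names):
            reasons.append("Excel 4.0 macro sheet")
    return reasons

def build_sample(parts) -> bytes:
    """Constructed test input: a ZIP with the given part names and dummy contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in parts:
            zf.writestr(name, b"constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    # All three samples are constructed for this example, not real documents.
    samples = {
        "clean.xlsx": build_sample(["[Content_Types].xml", "xl/workbook.xml"]),
        "invoice.xlsm": build_sample(["xl/workbook.xml", "xl/vbaProject.bin"]),
        "legacy.xls": OLE2_MAGIC + b"\x00" * 504,
    }
    for name, data in samples.items():
        hits = macro_indicators(data)
        print(name, "QUARANTINE" if hits else "no macro container found", hits)
```

An empty result only means no macro container was found in the package; it does not mean the file is safe to open.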

