
Is this a good way of tracking an APT? Just from bytecode? Isn't that easy to fake? What if they were tracking Russian hackers instead?


If I'm understanding the article correctly, the hackers are using an easily reversed cypher for storing configuration data for their malware, which was reversed by assuming the presence of the string "C:\Windows\System". In the following decrypted data the name of the respective company targeted was found.

Yes I suppose it would be easily faked if the faker had performed a similar analysis on the malware...
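The known-plaintext ("crib") recovery described in the comment above, as an added example that is not part of the thread or of the article it discusses. The thread only says the cypher is "easily reversed"; this example assumes a repeating-key XOR, which is the usual case for such malware configuration blobs, and constructs its own sample config, key and crib. It shows how an analyst slides the expected string `C:\Windows\System` across the blob, derives the key bytes that string implies at each offset, keeps only the offsets where the key comes out self-consistent, and then decodes the whole blob to read fields such as the targeted organisation:

```python
"""Known-plaintext recovery of a repeating-key XOR "cipher" (an assumption; the
thread only calls it easily reversed) used to decode a malware-style config blob.
Everything below (plaintext, key, blob) is constructed for the example."""
from itertools import cycle

# The string the analyst expects somewhere in the decrypted configuration.
CRIB = b"C:\\Windows\\System"

# Constructed sample: a plausible config layout and a hypothetical 5-byte key.
SAMPLE_PLAINTEXT = b"path=C:\\Windows\\System\\update.dat|target=ExampleCorp|ver=3"
SAMPLE_KEY = b"\x5a\x13\xc4\x7e\x09"


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key; encryption and decryption are the same op."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# The "captured" encrypted blob, built from the constructed plaintext and key.
SAMPLE_BLOB = xor_repeat(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def recover_key(ciphertext: bytes, crib: bytes, key_len: int):
    """Slide the crib over the ciphertext. At each offset, every crib byte implies
    one key byte (ct ^ pt); keep offsets where all key positions are covered and
    no two crib positions disagree. Returns a list of (offset, key) candidates."""
    candidates = []
    if len(crib) < key_len:
        return candidates  # crib cannot pin down every key byte
    for off in range(len(ciphertext) - len(crib) + 1):
        key = [None] * key_len
        consistent = True
        for j, p in enumerate(crib):
            pos = (off + j) % key_len          # key byte used at this ciphertext index
            k = ciphertext[off + j] ^ p
            if key[pos] is None:
                key[pos] = k
            elif key[pos] != k:
                consistent = False
                break
        if consistent:
            candidates.append((off, bytes(key)))
    return candidates


def looks_like_text(data: bytes) -> bool:
    """Cheap plausibility filter: printable ASCII plus common whitespace only."""
    return all(0x20 <= b <= 0x7E or b in b"\r\n\t" for b in data)


def decode_config(ciphertext: bytes, crib: bytes, max_key_len: int = 16):
    """Try key lengths from 1 upward; return (key, plaintext) for the first
    candidate whose full decryption looks like text, or None if nothing fits."""
    for key_len in range(1, max_key_len + 1):
        for _off, key in recover_key(ciphertext, crib, key_len):
            plaintext = xor_repeat(ciphertext, key)
            if looks_like_text(plaintext):
                return key, plaintext
    return None


def config_fields(plaintext: bytes) -> dict:
    """Split a 'k=v|k=v' config into a dict so the target field is easy to read."""
    fields = {}
    for item in plaintext.split(b"|"):
        k, _, v = item.partition(b"=")
        fields[k.decode()] = v.decode()
    return fields


if __name__ == "__main__":
    result = decode_config(SAMPLE_BLOB, CRIB)
    if result is None:
        print("no consistent key found for this crib")
    else:
        key, plaintext = result
        print("recovered key:", key.hex())
        print("decoded config:", plaintext.decode())
        print("target field:", config_fields(plaintext).get("target"))
```

The consistency check is what makes the crib approach work: a wrong offset almost always forces two different values onto the same key position, so only the true alignment survives, and the shortest key length that yields a fully printable decryption is taken. On real samples the crib may need to be tried in both byte orders and widths (ASCII and UTF-16), and the printable filter should be relaxed if the config carries binary fields.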



