Yes, but only according to the company's own logs, which were not externally validated. To rephrase, the company thinks this was an active attacker based on logs its own tool generates. It does not discount the possibility that the tool generated erroneous logs or identified the wrong machine(s).