Honestly, I think they've provided as much as they're going to. The data from the first phase was used already to identify the computers they were spearing for. The attackers had foreknowledge (I assume) that the target corporations used CCleaner (more specifically CCleaner Cloud). The backdoor was inserted in the compile phase of the affected executable. Everything else you've asked for either won't be known or will be used in investigation to corral the who.