Interesting, but I wonder if this has been going on for a long time, using Tor for C&C that is, seems like an obvious kinda idea IMHO.
Edited to add: Yep, missed this in first read through, from above second page of above link:
The Tor-based approach is not new, said Marco Preuss, head of the German global research and analysis team at antivirus vendor Kaspersky Lab, via email. "In the past years several presentations and research papers mentioned this method for botnets."
This story also reminds me of this Malware Targeting Windows 8 Uses Google Docs, where they were using Google Docs to obscure C&C path.