Yes, in this case though the virus was apparently a keylogger on a system that isn't (supposed to be) connected to the internet. So while it may have gathered information on what the operators typed in, it wasn't getting any magic passwords. Most of that (if done properly) would involve some secret keys that operators don't directly access.
And by deleting a repository I mean firing a Hellfire missile.