How many Russian state sponsored hacking teams have Symantec uncovered? They didn't even assign any specific state to the hacking teams, it can only be assumed from the targets. The fact that anyone spends time and publishes such findings is commendable, and is more than I have seen from other companies.
PS. Perhaps I just missed some publications, so I would welcome any links.
Or option 3 they covered it up for their Russian buddies like the U.S. firms probably covered up Equation Group. This should be the default assumptions in what are essentially police states with surveillance and hacking prone intelligence services + ability to gag, bribe, or destroy commercial vendors. Best not to trust any of them in general and especially not trust them to turn on their domestic, intelligence services.
PS. Perhaps I just missed some publications, so I would welcome any links.