>>...Historically, Russia has been pretty well-known for top-tier offensive cyber operations...
I think that offensive capability came more from criminal hacker gangs they co-opted, their defense against them having been particularly dire consequences if they hack anything in "mother Russia". One of the lesser known consequences is that their bots avoid PCs with Cyrillic language packs installed, so if you’re not in Russia it makes sense to install those as secondary languages (no need to actually use them).
That said, I’d expect the NSA had already infiltrated those systems. A Ukranian hacker also getting in - and then announcing it - might cause problems for ongoing surveillance. I’d point to US knowledge that the Russians intended a full scale invasion of Ukraine rather than simple posturing of tank brigade at the border as evidence that they were well and truly 'in' Russian systems, most probably kept more secure than the ones you mention here.
And for anyone wondering about their own cycbersecurity, the one thing you can do to make it more difficult for hackers is to NOT use the same username / password on multiple sites - and don’t use a password that might be in a hacker dictionary of common passwords. The simplest way to do this is to use a password manager.