According to the DHS, the long-running Russian campaign has affected "hundreds of victims," and some companies may not even know they've been compromised as the attacks relied on the credentials of actual employees, making intrusions harder to identify. The attack is believed to have surfaced in spring 2016 and could still be continuing.
However, while the potential consequences of these attacks are serious, some experts maintain that the tangible risks are no greater than they were before these fresh attacks came to light. After a similar hacking revelation last year, CEO of cybersecurity firm Dragos Robert M. Lee wrote that "Our adversaries are at the starting point of their journey to cause significant disruption to our power grid, not the finish line."
Following the most recent news of Russian interference, Lee took to Twitter to reiterate that while the warnings of threats are important, much of the language used in reporting them is "not helpful and often misleading." He noted that cyber threats to industrial infrastructure are getting more aggressive, but urged people not to "hype up" the issue, adding that "It's bad enough without added fear."