It seems really lame to airgap a system and not have some rigorous way of preventing USB infection. Isn't that a really well-known vulnerability?
I'm not sure I buy that it's Russia. Maybe some other governmental authors posing as/blaming Russia. I wonder which other nations have done that in the past, which possible ones have the most incentive, and what that incentive could be. Remember stux/flame?
https://www.bleepingcomputer.com/news/security/goldenjackal-state-hackers-silently-attacking-govts-since-2019/
"GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia," explains Kaspersky.
So Europe, the Middle East and South Asia. Anywhere else?