So FireEye is a big cybersecurity company. They were hacked and got all of their offensive hacking tools stolen. Both their statements and the FBI says that the hacker was probably a foreign government because it was a really sophisticated attack, but they never publicly says it was Russia. Some of the articles about this don't even mention Russia (https://www.cnn.com/2020/12/08/tech/fireeye-cyberattack/index.html).
The NYT says, with no discernible sources, that:
" The hack raises the possibility that Russian intelligence agencies saw an advantage in mounting the attack while American attention — including FireEye’s — was focused on securing the presidential election system. At a moment that the nation’s public and private intelligence systems were seeking out breaches of voter registration systems or voting machines, it may have a been a good time for those Russian agencies, which were involved in the 2016 election breaches, to turn their sights on other targets."
Agreed. A responsible government might pay security researchers to find 0 days, but then they would turn around and make sure their citizens were safe from them. The NSA is more interested in attacking other countries then protecting US citizens or allies.