Not to defend doge at be all, but the article specifically mentioned installing a bunch of proxy and scraping tools. Is this likely to be an actual Russian state attack or just extremely poor opsec / an attempt to evade internal controls, still likely very illegal. I'm all for holding all involved accountable to the fullest extent, but this is too sloppy for Russian state involvement to make me think they're on any intelligence payroll anywhere.
On the other side, why would Russia need to hide it's involvement in anything with this administration? If they're not willing collaborators they're seemingly entirely beguiled by Russia propaganda and schmoozing.
Brazenly just logging in from Russia can be a statement all its own.