Wordfence has an oddly titled article, US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware.
I say oddly titled because their conclusion is the opposite of the title. Upon rereading the title, I see that there is sarcasm in it that I did not notice at first.
The IP addresses that DHS provided may have been used for an attack by a state actor like Russia. But they don’t appear to provide any association with Russia. They are probably used by a wide range of other malicious actors, especially the 15% of IP addresses that are Tor exit nodes.
The malware sample is old, widely used and appears to be Ukrainian. It has no apparent relationship with Russian intelligence and it would be an indicator of compromise for any website.
Our “intelligence” agencies, or the political hacks that oversee them, may not be aware of how many computer security experts there are in the world who can analyze the data they released. They probably figure that most people will take them at their word and believe their claim that this data proves Russia is behind it all. In fact, the data shows that they have no reason to believe the Russians did it, other than the fact that they want us to believe that the Russians did it.