For its part, the FBI's only official response is that it "routinely notifies" people and organizations of threats. Off the record, however, an unofficial source told the AP that the FBI struggles to cope with the volume of potential targets and had to prioritize alerts "to the best of our ability."

Whether or not that claim holds water is another matter. Although the hit list (obtained thanks to Secureworks poring through targeting data) was daunting with over 500 US-based targets, there doesn't appear to be evidence that the FBI launched a significant effort to warn those people and organizations. And there's the problem: while it's hard to know if the FBI could have notified all 500 in a timely manner, there doesn't appear to have been a concerted attempt to try.

It's not certain how much damage Russia's email attack actually caused. The targets had to have opened questionable links and otherwise fallen prey, and some hadn't occupied sensitive posts for years. However, the findings suggest that the FBI didn't always have a sense of urgency when dealing with Russia's coordinated hacking campaigns, and may not have taken them more seriously until the 2016 presidential election made clear they were a serious problem.