Lack of proof of compromise, is not the lack of compromise. The assumption should be that any system hit was entirely compromised. Assumptions are what allowed this to occur.
By now you have all heard about the cyber attack that used SolarWinds Orion to exploit and compromise many businesses. Well, it is far more reaching than a handful of businesses, over 250 FEDERAL AGENCIES and businesses have been breached.
'Eight weeks later, General Nakasone and other American officials responsible for cybersecurity are now consumed by what they missed for at least nine months: a hacking, now believed to have affected upward of 250 federal agencies and businesses, that Russia aimed not at the election system but at the rest of the United States government and many large American corporations.'
And the funny (not in a ha ha way) part of this whole thing, it took many weeks to acknowledge the breach.