> Berulis said he went public after higher-ups at the agency told him not to report the matter to the US-CERT, as they’d previously agreed.

If the allegation is true, what would be the motivation of the higher-ups to keep this secret from US-CERT?

It appears to be a severe compromise, and the context suggests that much of the rest of the federal government is imminently vulnerable to the same tactics by the same threat actor.

Where the higher-ups reporting the security crisis through better channels?

Or were they trying to keep it quiet entirely, so might be complicit in something bad?