I have often wondered about this exact situation. Like there are many instances of companies who depend on keeping their network secure and are actively taking preventative measures to keep their network safe that end up getting hacked. So surely there has to have been infiltration to some of the critical infrastructure keeping cities running. Why don't we hear more about it?
Only semi-conscientious companies will even KNOW they were compromised.
Suspect the rest are either not even looking and/or the attackers removed all their traces before anyone could possibly see.
When was the last time YOU inspected the authorization logs in systemd or the event log in Windows on your personal computer…
In Windows Defender we trust…