> Is there a plausible explanation for who would do this, besides Russia?
Any engineer could accidentally do it... I can totally imagine the release engineer accidentally pushing the dev version, only to realise later that the dev version doesn't have quite the right config to connect for example.
Blaming it on a cyber attack is a lot less bad than saying "whoops, we bricked everyone's modems".
It should be pretty easy to figure out which one it is, except if the deployment vector was actually a malicious firmware update.
A plausibly deniable exploit like that is probably orders of magnitude more expensive, and the timing is suspicious enough that it's probably not even worth trying. In any case, it's not like it's trivial to attribute (beyond reasonable doubt) a "transparent" cyber attack either.
There's still the incentive to cover it up externally and blame it on a cyberattack as opposed to poor internal processes that allowed such a bug to make it to production.
Any engineer could accidentally do it... I can totally imagine the release engineer accidentally pushing the dev version, only to realise later that the dev version doesn't have quite the right config to connect for example.
Blaming it on a cyber attack is a lot less bad than saying "whoops, we bricked everyone's modems".