You seem to be assuming a lot of things, like that Kaspersky couldn't deploy certain updates to targeted customers? That malware will leave behind trails of how it got on the computer? That plausible deniability is impossible?

What happens when a definition update "reduces false positives" but actually lets in a Russian cyberweapon that is delivered independently?