US has been doing it for a good while so it’s no shock honestly. Stuxnet for starters, not to mention Cisco...and a lot more like the “failsafe” stop mechanics build-ins and so on.
US just doesn’t like it when the tide is turned on them. To claim US doesn’t do it (like traffic diversion) is head in the sand.
Or maybe the US is just not as “exceptional” as they claim