1) "So where did the "five year" timeline come from?"
Some Sandworm attacks also use five older vulnerabilities that have already been patched. The exploits are used to install various versions of BlackEnergy, a malicious tool used by cybercriminals. The tool gained notoriety in 2008 when botnets infected with the malware were used to launch denial-of-service attacks against systems in Georgia during a standoff between that country and Russia.
2) "wishy washy explanation from ISight's John Hullquist on his claim about the hackers being Russian"
Hulquist said he believed they were supported by a nation state because they were engaging in espionage, not cyber crime.
crime can be anyone, espionage is reserved for a very select set of parties. it's a mere matter of deduction but feel free to believe what you wish, just stop posting it.