Whatever the "bullshit blogs" might be (I haven't noticed these stories, but maybe you can provide links?), they're in good company now, because that's more or less the story the NYT, WSJ, and WaPo have developed.
There's not a lot of attribution going on here, though. Take the WaPo story, they just tell us what's possible and leave us to draw conclusions ourselves -
“That’s the crux of the matter,” said one industry official who received the briefing. “Whether Kaspersky is working directly for the Russian government or not doesn’t matter; their Internet service providers are subject to monitoring. So virtually anything shared with Kaspersky could become the property of the Russian government.”
Late last month, the National Intelligence Council completed a classified report that it shared with NATO allies concluding that the FSB had “probable access” to Kaspersky customer databases and source code. That access, it concluded, could help enable cyberattacks against U.S. government, commercial and industrial control networks.
