Hacking around with something in a lab is not quite the same as weaponizing an exploit. And, while your thresholds for technical accomplishment might be higher than Kaspersky's, regardless whether we knew this was "feasible" before, it's the first documented case of completely taking over the hard drive. That I know of.
You are correct that it does require more effort to make things production-ready. From my experience doing similar things -- not weaponizing exploits, but turning them into polished tools as part of [1] and [2] which I'd consider roughly equivalent -- I would estimate that productionizing an exploit takes about 3-5 times longer than the time required to find the exploits themselves.
Note that there have been proofs-of-concept of this for some time [3], as linked elsewhere in this thread. While it is still impressive that they could link it into their exploit framework, I honestly believe that you could "weaponize" something like the previously linked exploit without a massive effort.
Also note that this is not a "complete takeover" of an HDD, but rather an exploit that allows it to interpose between the platter data and the computer.
Yes, it's not something totally unprecedented that we hadn't even imagined possible before. You are correct there.
How is it not a complete takeover? I realize news articles are not the best technical sources as they get terms & concepts wrong, but I am reading that the firmware is completely reflashed, which means the HDD CPU has been utterly "pwned", for lack of a better term.
Technically it's pwned, but you are still limited by the amount of time you have for reverse engineering, implementation and validation. For example, it seems that they obtain storage area by calling some kind of drive's own reserved space allocator, without hacking it to hide this usage from host queries. That's clearly a "limited hack" with potential for improvement.
