At the same time, there's a difference between cyberwarefare strengths and operational security being practiced (or not) by the soldiers in the field. It only takes one person to break protcol and pull out an unsecure device. Or it could be done on purpose as a bit of plausible deniability of sabatoge.
There's a bunch of reasons I can think of than just Russia is weak about secure comms.
It's an insecure protocol rather than a device. If they'd used an encrypted VOIP app it would literally be secure, but they banned those out of paranoia and weren't able to provide their own replacements.
I think the actual intercept was real intelligence tapping the cell phone network and OSINT accounts just repeated it, but not sure.
There's a bunch of reasons I can think of than just Russia is weak about secure comms.