A big source of confusion on this kind of thing is that the HN crowd tends to see "state actor" and think "pervasive surveillance (by the NSA)".
In context, and in the security industry in general, "state actor" refers to active (although often broadly cast) penetration attempts by groups thought to be operated by foreign governments. These groups do not have significant surveillance capabilities, so they're trying to build it by doing things like getting access to the email of potentially interesting people, often via credential stealing malware or plain old phishing. Their methods are often not particularly sophisticated, but they're more persistent and better funded than most other threat actors. On the other hand, their methods sometimes are very sophisticated, so it's good to detect a problem as early as possible, as Yahoo is trying to help users do.
So, what you are saying is we should lose all hope of ever being notified about an NSA attack because they own the networks. Like that made it all-right... REALLY????
In context, and in the security industry in general, "state actor" refers to active (although often broadly cast) penetration attempts by groups thought to be operated by foreign governments. These groups do not have significant surveillance capabilities, so they're trying to build it by doing things like getting access to the email of potentially interesting people, often via credential stealing malware or plain old phishing. Their methods are often not particularly sophisticated, but they're more persistent and better funded than most other threat actors. On the other hand, their methods sometimes are very sophisticated, so it's good to detect a problem as early as possible, as Yahoo is trying to help users do.