The report shows far more than signs of intrusion - modules for credential theft, data transmission, persistence mechanisms, keylogging etc. were all discovered. I'd call that hostile.
I'm not sure I get your analogy, but no, I wouldn't expel anyone for "radar touching my planes", but in this case that's the equivalent of browsing the DNC website. If someone had broken into my airforce base, stolen security badges to get into other airforce bases, was photographing planes and stealing and leaking blueprints then you better believe I'd take action
