"I meant "zero day" as far as the IT security industry is concerned"

I know what you mean, but the point I was trying to make is that in this case that concept doesn't really fit the bill
In most zero days, an exploit is found and then its a race to patch it before someone breaks the exploit open with an attack
In this case they've had five years to capiltalise on the breach - and to refine it. It really does need a new descriptor - a null detection attack maybe? Or a -1825 day attack (meaning the five years headstart)? Dunno, I'm just chuntering

But the important thing is, as you suggest: what else is waiting out there?