Ummm
Could have accessed sealed cases against Russian hackers? Yeah... yeah, there's that, too. From an espionage PoV, cases relating directly to intelligence matters would be another obvious target, ditto those against "politically exposed persons", especially those towards the top of the tree. Less obviously, all sorts of other cases could be useful for an attacker, for all manner of purposes, from blackmail, to getting better knowledge of investigator TTP (and therefore how to escape detection),.. I'm sure there are plenty of other use cases.
Whilst the "surgical strike" type attack is very rare, there's a big pressure to extract metadata ASAP to enable other analysts to ID material to exfiltrate. Trade-off between increased chance of detection if trying to exfiltrate petabytes, vs hanging around so long that they're discovered via other means (ie., the discovery of the SolarWinds trojan.) Must make for interesting discussions in whichever war rooms they have those debates.