Did I miss something?
There does not seem to be any suggestion that "critical" systems were either infected or connected to the Internet.
As far as I can recall, no new reactors have been built in France for nearly 20 years, and at that time the internet was barely noticed.
The architecture of the approved control systems would not have included anything like Internet connectivity. If I recall correctly, the operator workstations were not even empowered to perform control actions and were limited to monitoring functions - there was no way that a computer that ran any sort of sophisticated graphics could meet the SIL rating required to be involved in control.
Over the intervening years there have almost certainly been some system upgrades, but the SIL aspect of computers has not improved so I would expect that the actual control is still performed by dedicated embedded computers using relatively primitive operating systems. That's not to say that they are automatically immune to network issues (if they are network connected) but your average computer virus or other malware would not get a foothold.
Whereas some Power Stations may use Siemens style PLCs to control them, Nuclear ones would not. They have to meet other regulations.