I tend to mistrust these attributions
The problem I have with attributing hacks is there there is a difference between a hacker based in China/US/Ukraine/France/Russia which is who you always find in your typical website 404 log, and a government sanctioned operator/operation..
1 - I am *always* suspicious of casual tagging a whole group or country as it makes for lazy and unnuanced thinking;
2 - how can you tell the difference?
3 - how trustworthy is the claim? Making such claims is also subject to political manipulation.
4 - "bigging up" the alleged hacker may make it appear that the hack would have happened anyway, and from what I have seen so far, that really isn't a feasible excuse for Marriott. There's quite a difference between making a mistake and simply not paying attention at all.