We're all in the IT game in one way or another but sometimes some of us need reminding about a few things.
One is that IPv4 addresses aren't a reliable guide to a person's identity or location. You can make some guesses based on what organization an address is assigned to but addresses are so easy to spoof that anyone needing to disguise their true location can easily do so.
Another is that you just can't tie a group -- "Russians", say -- to an individual "Russian". Our politicians do this all the time because that's what they do. We should know better; you can't make accurate deductions about a group of 150 million from the actions of an individual. (Same with "Chinese" -- there's billions of them and, no, they're not all alike.)
Another is that any sophisticated hacking operation should be both hiding its tracks and possibly planting a trail of misleading information. It might also have reverse tracking information in it to figure out whether the code's been discovered and if so by whom.
(Turkey and Vietnam may have taken over from Russia simply because the Russian government has decided to take action against domestic hackers because of the bad press they're getting. The people responsible are not likely to be physically present in any one location.)