I looked into this when our appliances were... visited (I am not responsible for them; I would have shut them off a long time ago), and a couple of weeks earlier, Barracuda had suffered some sort of breach of their hosted service, which it kind of swept under the rug...

Anyway, I took two of the IPs from the IOC list and did some digging. At least one pointed to an ISP in Hong Kong, boasting great connectivity to China, and it prominently accepted various forms of crypto payment.

I did a reverse-DNS search and saw that the IP hosted a lot of domains that looked like they had been acquired from some sort of Chinese domain marketplace.

I mean, the line between "professional hackers for profit" and APT-style, government-sponsored groups is likely very thin anyway, but this one somehow had that "uncanny valley" feeling you get when something is too easy, too simple.
