0

When an attack on IT systems of a state is discovered, often another state is publicly blamed for it within a few days. I wonder whether these attributions are plausible from a technical point of view.

How are sophisticated cyber attacks traced? Is it trivial to hide one's geographical location in a large-scale attack? Are the common explanations (such as "using methods often employed by attackers from country X") reasonable?

黄雨伞
  • Does this answer your question? [Can you, with 100% certainty, guarantee the source location of a cyber attack?](https://security.stackexchange.com/questions/140265/can-you-with-100-certainty-guarantee-the-source-location-of-a-cyber-attack), [How are attacks and APTs attributed?](https://security.stackexchange.com/questions/81215/how-are-attacks-and-apts-attributed). – Steffen Ullrich Dec 19 '20 at 18:30
  • I see now, after reading the answers more carefully. It was just a bit buried to answer this exact question, but it did. – Esa Jokinen Dec 20 '20 at 06:59
  • @SteffenUllrich yes, thank you! – 黄雨伞 Dec 20 '20 at 19:28

1 Answer

1

Typically, the methods used or the way the malware has been put together reveals something about the attacker, making this kind of attribution possible. It's not so much about the geographical location but the people or entities behind the attack.

However, it gets more complicated, as nation-state actors have so many more resources. Having the intelligence to recognize these patterns, they can also frame other countries to hide their tracks. A good example of this is in Darknet Diaries Ep 77: Olympic Destroyer (transcript):

> It was just a kind of tingle of forensics with clues pointing in every direction and as soon as you thought that you had come to a conclusion, there was another hypothesis to undermine it. There was just a kind of unprecedented scenario where it seems like the hackers, instead of trying to simply cover their tracks, they had built-in tracks pointing in every direction at once.

(This quote was picked to prove the point without spoiling the episode, i.e. who was behind it and how they finally came to that conclusion.)

Esa Jokinen