APT groups aren’t all from Russia, China, and North Korea
Advance persistent threat (APT) hacker groups are often assumed to be state-supported organisations such as China’s APT10 aka Stone Panda, Russia’s APT28 aka Fancy Bear, or Vietnam’s APT32 aka Ocean Lotus.
However, these and other groups are often identified and named by cyber intelligence firms with strong links to their national government. FireEye and Crowdstrike in the US, for example, to name just two.
Sometimes naming and shaming nations-states for their hacking is part of a deliberate diplomatic strategy.
But authoritarian regimes don’t generally admit weaknesses, and those attacking those regimes might not want to admit to being just as aggressive — though with different aims.