Channel: How are attacks and APTs attributed? - Information Security Stack Exchange

Answer by Steve Sether for How are attacks and APTs attributed?


There is no good way to determine clearly who made an attack, or even if an attack was performed by a nation-state, or as Bruce Schneier puts it "A couple of guys".

That we live in the world where we aren't sure if any given cyberattack is the work of a foreign government or a couple of guys should be scary to us all.

For physical attacks, if a tank comes rolling into your country, you know it's the army of a nation-state because people don't have tanks. The same isn't true for cyber attacks. Nations and "A couple of guys" use the same tools for cyber attacks.

Also remember that sophisticated attackers aren't dumb. They'll be deceptive with the IP address they use, so you can't rely on that. An attacker can obviously be physically in the US, but control a set of computers in Russia or China to start attacks from. Largely the attribution is done by motive, and who's interested in spying or attacking whom.

Some will try to use the tools available and attribute them to specific attackers. That was what some were saying with the Sony hack and tying them to North Korea, but there is widespread disagreement within the security community about this.

