I am not an expert but there are proxy servers and stuff, they can introduce code from wherever. And code writing has no signature. How do they trace the origin of such a hack, especially if it's done very professionally.
Actually the code does leave a signature and that is how they know who made it. The NSA etc examine the code thoroughly to look for bits of code that resembles bits from other past malware that they know where it came from. A portion of what was found is soon to be released to the public for examination. So soon everybody will know what's going on.
A new malware may be completely new but there is going to be something in there that points the arrow 2 who made it
They can recognize certain patterns in code from reused functions or subroutines, but I don't know how they could tell whether it is from a government, or just some script kiddie. For example I don't think the Russians hijacking Steam game accounts is being done by any government. Somebody tried to log into my Steam support account from in IP address in Ukraine.
😉 Bonjour, Hello
Everything uses the internet and computing leaves trace.
❇ ~~ Happy New year 2017 ~~ ❇
By very professional tracing!
"I am not an expert but there are proxy servers and stuff"…. which are about as effective as wearing a hat and hoping nobody recognises you.
Welcome to the real world.