Re: once again
Proof? No. What would such proof consist of?
An attack like this implies extensive resources, and it was against a broad range of targets, many of which are relatively difficult to monetize (suggesting direct financial profit wasn't the main motive). That pushes the probability toward a nation-state or nation-state-sponsored actor.
Again, the choice of targets suggests it wasn't a nominal ally country - not because allies don't spy on one another (of course they do), but because allies can get much of the probably-exfiltrated information through other channels, so they'd put their resources elsewhere.
So, probability favors nominal-foe states known to have groups with the resources (funds, technical capabilities, discipline) to pull off this attack. Iran's working up to this sort of thing but evidence suggests it's not there yet. That leaves China, Russia, and North Korea.
The DPRK has historically been more interested in more-targeted attacks aiming at hard currency and scientific / technical information.
Between China and Russia, the style and apparent goals of this attack are more typical of Russia in recent years.
There may also be technical evidence suggesting Russia; I haven't read the detailed technical reports yet.
This has nothing to do with McCarthyism (an accusation which is nonsensical in this case, since McCarthyism was ostensibly about International Communism and Communist organization in the US, not Russia, and actually about Joe McCarthy's need for attention) or an anti-Russia bias. The IT security community broadly recognizes a number of nation-state actors performing a wide range of IT-system penetrations around the world, including the US and its allies. Russia has no special status as a bugbear in that regard. They're just one of the players.