> I think you are assigning too much “us vs them” to the ransomware marketplace.
Attacking things in a foreign jurisdiction is massively appealing from a "what will get me thrown in jail by my own government if things go wrong" perspective. You don't need any political loyalty for that calculation.
The problem is that state-level actors are considerably more sophisticated in their activities than what was seen here. There was a story on HN a while back that can best be summed up as "Defending against this is impossible: Mossad is gonna Mossad and there is nothing you can do about it:
https://news.ycombinator.com/item?id=26591669
Attacking things in a foreign jurisdiction is massively appealing from a "what will get me thrown in jail by my own government if things go wrong" perspective. You don't need any political loyalty for that calculation.