I seem to recall that the Sony hack was attributed to North Korean hackers and while many people laughed it off, serious investigations pointed that it was really the case. (Just on top of my head, I'll let you dig for sources.)
serious analysis pointed to iran (malware shared traits with that used in saudi aramco hack a year or two prior), probably because nk and iran have some kind of offensive sharing arrangement on cyber, but the nuclear deal was in the works and the last thing the obama admin wanted to deal with was a perceived provocation.
