Attribution is hard and usually impossible
You cannot trace back the origin of malware or an attack just like you cannot trace back the origin of a text. Of course you can say that a text is written in Chineese so it might come from China, but that's largely bullshit. Everyone can fake that...
...and this is the problem with "Cyberwar", anybody can trivially claim they are X and attack country Y so Y will strike back to X even though X is innocent. You don't need people to learn a foreign language, just compile your code on a Windows version from that country and rent a foreign server at a hosting company in that country and people will only find that.
So whenever you hear "Country X did it", there usually is a very flimsy chain of evidence behind it. It's virtually impossible to actually know where such an attack came from.
What we can do to prevent is is normal IT security. And that's _much_ cheaper than any "Cyberwar".