CISA (https://cisa.gov) are investigating. They got the emails between me and "Jia Tan" and other information we have. They can subpoena Google to get IP addresses behind the emails, but it depends on whether and where a VPN was used if they'll get any further than that. If we will ever see a fully public report is anyone's guess.
If it's a state actor, it's not unreasonable to think they'd spin up their own VPN
All you need a Raspberry Pi and some public Wi-Fi network to create a jump point and hide among the 100s of devices going on and off that one public IP. With projects like TailScale you could set it up and plant it somewhere in a matter of hours
If it is a state actor like China or North Korea, they own the gateways and firewalls and can ensure any traffic they do not want to be identified ever will be.
I also recently wrote a single ephemeral socks5 proxy over a hidden service in Rust. Since they’ve probably compromised other machines in the past, they could’ve easily used something similar to proxy their connection through tor and to some random computer (access some vulnerable router through tor, proxy through it, etc).
Hiding your tracks aren’t hard
