It's fashionable to blame Russia these days, but what country manufactures the most IoT devices, and has the type of government that could mandate backdoor access?
I think what the OP is implying is that these static admin passwords were put in as a deniable backdoor. If it was a Chinese gov scheme, it is quite clever, as a real backdoor would have been obvious, while this just looks like total incompetence.
This makes no sense. Everyone knows what the default passwords are. And all sorts of products not made in China have default passwords. And, some of the products implicated in these attacks aren't Chinese. I think the OP is grasping at straws.
I was thinking of the hardcoded passwords in Xiongmai Tech components that were linked to the Krebs DDoS. Very much in line with the rumors about Huawei and ZTE a few years back; I don't think it's out of the realm of possibility. Hard to define a motive though.
It actually would be pretty clever given that once hacked you can close the door and keep out other hackers. Step 1. Make a device with a wide open door. Step 2. Hack all these devices and close the door. You get easy deniability and a massive botnet.
Having said this I suspect that this is not what has happened and it is most likely just a case of complete incompetence.