by kenbaylor 3004 days ago
It's called a watering hole attack. You infect many of the devices way ahead of time (that are interested in whatever subject area you targeted), and pick your victim when you need to. If you haven't prosecuted these cases, you'd be surprised how often it happens:

https://www.cyberscoop.com/winter-olympics-hack-attribution-...

https://krebsonsecurity.com/2017/08/blowing-the-whistle-on-b...

https://blog.trendmicro.com/trendlabs-security-intelligence/...

https://blog.talosintelligence.com/2018/02/who-wasnt-respons...


All of the articles you link are about trying to derive attribution using signatures from the malware itself, which is unrelated to the thing you're talking about. I agree that trying to find meaningful attribution from the evidence left on the machine is unlikely to work and that spoofing this evidence is easy.

But that has nothing to do with a watering hole attack - are you claiming that successful watering hole attacks against GRU personnel are commonplace?

Great question. Apologies if I wasn't being clear.

For example: the Chinese government has been waging war against the Free Tibet movement for years: https://www.google.com.sg/search?q=chinese+malware+free+tibe...

There's a bunch of articles there. One technique is that they put up a pro-Free Tibet site and put malware on it. The visitors get infected, and they gain insight into who is interested in that topic, along with their IP addresses for basic geolocation, and maybe remote control of their machines.

If we pick a topic that's super interesting for government intelligence people (like the Guccifer blog site itself), and put some awesome non-detectable malware on there, you could potentially infect multiple intelligence officers from multiple countries.

When the bots phone home, they will report username, domain name, email addresses, visited URLs, security certificates (or basically anything you want). So you now have a rolodex of machines you can manipulate. Mossad did it... nope... North Korea... nope... CIA... nope... FBI, etc., etc.

Now this is super hard to do in practice. But you only have to be lucky once.