On that note, is there any progress with identifying the perpetrators of these attacks?

That problem is much more theoretical than practical. Most of the time, you know who’s doing it. It may be classified, but the government is fully aware who these actors are in most cases. Even when you don’t have technological proof of their culpability, you do have the cui bono argument of who benefits. While there are circumstances in which rapid real-time attribution may be difficult, in hindsight virtually every case that is serious in nature can be tracked down and attributed.