Not an unreasonable question (though I personally assume that Russia hacked the Ukrainian power grid in 2017) because the US has a history of using (operations similar to) false flags, and Washington also uses dirty methods to get rid of governments it doesn't like.

Kathryn Olmsted describes Operation Northwoods in her book Real Enemies (Oxford University Press, 2009).

Even Mick West, a debunker of conspiracy theories, writes in Escaping the Rabbit Hole:

"The fact that false pretexts (False Flags) were suggested at all indicates that some people were willing to consider them. Many in the military and the government were probably willing to implement them, if they could get away with it."

It is easy to get away with a false flag hacking operation. Attributing hacking to a particular state can be almost impossible if the perpetrators are very skillful and Byzantine in how they operate.

Andy Greenberg, a Trump critic writing for Wired, reveals in his book Sandworm the degree to which cybersecurity experts take false flag hacking operations very seriously:

"'It seemed like a smoke screen,' Lipovsky told me. 'They had targets they wanted to infect. Then they released their malware everywhere else as a distraction.'"

"Lipovsky cautioned that he could only speculate—that Bad Rabbit still defied an intuitive explanation. But his theory implied that the attack had, perhaps, two distinct goals: It had scored one more blow, in passing, against Ukraine's infrastructure. And at the same time, it had created a new layer of confusion for investigators. 'It blurs things,' Lipovsky told me. 'It makes it impossible to attribute the attack based on the targeted country.'"

"Was the GRU really so callous as to randomly destroy the computers of Russia's own citizens, simply as a feint? In fact, its next operation would reveal that it was willing to go far further still in the interests of sowing uncertainty."

But if you are willing to attribute this manipulative attitude to GRU, it follows that one can also attribute an equally Byzantine mindset to NSA or some other pro-Western actor who has an interest in smearing Russia and thereby making ordinary Ukrainians more hostile toward the Kremlin.

I have not yet finished reading Sandworm - got 45 pages left - but so far it appears that some cybersecurity experts (or Andy at least) are unscientific and uncritical when attributing hacking to a particular state, because they seem to underestimate the Machiavellian deceitfulness of hackers all over the world, despite being acutely aware of this problem. Andy Greenberg writes that:

"The security world had seen plenty of false flags before: The state-sponsored hackers behind every major attack for years had pretended to be something else, their masks ranging from those of cybercriminals to hacktivists to another country's agents. But this was different. No one had ever seen quite so many deceptions folded into the same piece of software. Wading into the Olympic Destroyer code was like walking into a maze of mirrors, with a different false flag at every dead end." (...)

"Soon another set of clues emerged from an unlikely source: Kaspersky Labs. ..." (...)

" ... rather than focus on the malware's code, as other companies like Cisco and Intezer had immediately done, they'd looked at its "header," one part of the file's metadata that includes clues about what sorts of programming tools were used to write it. Comparing that header with others in Kaspersky's vast database of malware samples, they found it perfectly matched the same sample of North Korean data-wiping malware that Cisco's Talos had already pointed to as sharing traits with Olympic Destroyer."

" ... in this case, one senior Kaspersky researcher ... had determined that the header metadata didn't actually match other clues in the Olympic Destroyer code itself; the malware hadn't been written with the programming tools that the header implied. The metadata had been forged."

"This was something different from all the other signs of misdirection that researchers had fixated on. The other red herrings in Olympic Destroyer had been so vexing in part because there was no way to tell which clues were real and which were deceptions. But now, deep in the folds of false flags wrapped around the Olympic malware, Soumenkov had found one flag that was provably false."

"It was now perfectly clear that someone had tried to make the malware look North Korean and only failed due to a slipup in one instance ..."

But what if the "slipup" was deliberate? If I had been a supersmart hacker I would have included misleading slipups in my code.

Back to Andy's search for patterns in the Olympic Destroyer case:

"A pre-internet-era detective might start a rudimentary search for a person by consulting phone books. Matonis started digging into the online equivalent, the directory of the web's global network known as the domain name system, or DNS. DNS servers translate human-readable domains like "facebook.com" into the machine-readable IP addresses that actually describe the location of a networked computer that runs that site or service, like 69.63.176.13. Matonis began painstakingly checking every IP address his hackers had used as a command-and-control server in the campaign of malicious Word documents he'd just uncovered, translating those domains into any IP addresses that had ever hosted them. At the same time, he'd use a reverse-lookup tool to flip the search, finding every domain that had been hosted on any single IP address to assemble a branching graph."

"Once he'd created these treelike maps for dozens of the IP addresses and domain names connected to the Olympic attack, one branch of that exploration led to a domain that lit up like neon in Matonis's mind. Three links down his daisy chain of IP addresses and domains, there it was: account-loginserv.com."

"A photographic memory is a helpful trick for an intelligence analyst. As soon as Matonis saw the account-loginserv.com domain, he instantly knew that he had seen it nearly a year earlier in an FBI "flash," a short alert sent out to U.S. cybersecurity practitioners and potential victims. This one had offered a new detail into the hackers who in 2016 had breached the Arizona and Illinois state boards of elections: The same intruders had also spoofed emails from a voting technology company, VR Systems, in an attempt to trick more election-related victims into giving up their passwords." (...)

"When Matonis reported his findings to his boss, John Hultquist, they agreed there was no longer any doubt: The hackers behind Olympic Destroyer were Russian."

Russia is a huge country, with many immigrants and visitors (from other authoritarian regimes). If a spy from China or Cuba for example lives in a Russian city he could have used the IP address which Matonis found.

If NSA can get into the systems of GRU it's also possible for China, Israel, South Korea or Taiwan to hack GRU and frame Russian intelligence.

China and Russia have often been enemies through history. They are now forced together because of NATO and AUKUS. So don't think China and Russia will not frame each other if one of them believes that it's "necessary".

If a hacker is working for NSA inside Russia he or she could have used tools delivered by (a faction within) NSA in order to hack the power grid in Ukraine. This false flag operation would have been easy compared to Stuxnet for example.

It's possible that American intelligence has secret evidence which clearly proves to computer geniuses in NSA that GRU is responsible for many hacks, but ordinary people can't verify that NSA is speaking the truth in Cold War 2. The truth is the first casualty in war. NSA is obviously very biased in this case. No educated person trusts American intelligence after they in 2003 either lied or failed to stop lies about WMDs in Iraq.

Nor should you trust Russian intelligence. NSA and GRU are like two mafia families at war. Don't trust either of them. Since they are both unethical, check instead which of them is fighting for cultural values that you support. If you are a moderate cultural conservative it's only natural to have sympathy with conservative Russia. If you are woke however then support ultra-"liberal" NSA.
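
The DNS pivoting described in the Sandworm excerpt quoted earlier (domain to IP, then IP back to every domain it hosted, repeated into a branching graph), as an added Python example that is not from the book or from this answer. The records, the `.example` domains, the documentation-range IPs and the `max_fanout` cutoff are constructed assumptions; the cutoff shows how a shared-hosting address links unrelated domains, which is why a shared IP alone is weak attribution evidence.

```python
from collections import defaultdict, deque

# Constructed passive-DNS observations (domain, IP). Domains use the reserved
# .example TLD and IPs the RFC 5737 documentation ranges; none are real.
PDNS = [
    ("c2-docs.example", "192.0.2.10"),
    ("mail-update.example", "192.0.2.10"),
    ("mail-update.example", "198.51.100.7"),
    ("known-indicator.example", "198.51.100.7"),
    ("c2-docs.example", "203.0.113.80"),   # shared-hosting IP, many tenants
    ("bakery.example", "203.0.113.80"),
    ("florist.example", "203.0.113.80"),
    ("garage.example", "203.0.113.80"),
]

def build_graph(records):
    """Undirected graph: an edge joins a domain and an IP that hosted it."""
    graph = defaultdict(set)
    for domain, ip in records:
        graph[domain].add(ip)
        graph[ip].add(domain)
    return graph

def pivot(records, seed, max_hops=4, max_fanout=3):
    """Breadth-first pivot from seed; returns {node: shortest path from seed}.

    A node with more than max_fanout neighbours is recorded but not expanded:
    a heavily shared IP connects tenants that have nothing to do with each other.
    """
    graph = build_graph(records)
    paths = {seed: [seed]}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if len(paths[node]) - 1 >= max_hops:
            continue
        if node != seed and len(graph[node]) > max_fanout:
            continue
        for nxt in sorted(graph[node]):
            if nxt not in paths:
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    return paths

def hops_to(paths, watchlist):
    """Hop count to every watchlisted indicator that the pivot reached."""
    return {w: len(paths[w]) - 1 for w in watchlist if w in paths}
```

Raising `max_fanout` to 10 pulls `bakery.example`, `florist.example` and `garage.example` into the graph purely because they share a hosting address with the seed.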