Any teenager can proxy off a Russian server and make a hack look like it came from Russia.
Yes, anyone can relay from a server anywhere they want. However, the CrowdStrike claim was that this was "Fancy Bear" and "Cozy Bear" and that their tools or techniques were ID'd. For example:
"The COZY BEAR intrusion relied primarily on the SeaDaddy implant developed in Python and compiled with py2exe and another Powershell backdoor with persistence accomplished via Windows Management Instrumentation (WMI) system, which allowed the adversary to launch malicious code automatically after a specified period of system uptime or on a specific schedule. The Powershell backdoor is ingenious in its simplicity and power. It consists of a single obfuscated command setup to run persistently, blah blah blah"
The blah blah blah is mine. I first read their blog post in June 2016 and said it was BS; now I know it is BS. Their blog post hasn't changed and has been sitting on their server since 2016 with a few updates (prepended to the beginning). They are using it for advertising for their IPO, and furthermore they collect the referrer links (track which websites link to it) and obviously track all IP addresses that access the page, including mine just now.