For actual apt designations, you would be hard pressed. You kind of need to find actual unattributed instruction sets. Like Regin or Flame, which is not a group so much as the name for an attack.
However, generally speaking The Lamberts (BlackLambert, WhiteLambert, etc) are allegedly the CIA, EquationGroup allegedly NSA, ProjectSauron is allegedly Western. DarkHotel is allegedly South Korean. Mainly these are Kaspersky designations. As the West doesn't really track the various intrusions, and the Chinese public-facing info is either deliberately wrong, or so old it's useless.
However, generally speaking The Lamberts (BlackLambert, WhiteLambert, etc) are allegedly the CIA, EquationGroup allegedly NSA, ProjectSauron is allegedly Western. DarkHotel is allegedly South Korean. Mainly these are Kaspersky designations. As the West doesn't really track the various intrusions, and the Chinese public-facing info is either deliberately wrong, or so old it's useless.