There's also an independent investigation called "Operation Blockbuster", detailed results here: https://www.operationblockbuster.com/wp-content/uploads/2016...
That report does not specifically attribute the Sony hacks to a particular nation-state. It does demonstrate the hack was not the result of a disgruntled employee, but rather an APT group the report refers to as "The Lazarus Group."
In the interests of full disclosure, I worked with the people involved in that operation.
The attribution of the DNC hack to a Russian APT group has some backing from security professionals. Crowd Strike, based on analysis of the malware used, came to this conclusion (https://www.crowdstrike.com/blog/bears-midst-intrusion-democ...). This conclusion has been corroborated by Fidelis (http://www.threatgeek.com/2016/06/dnc_update.html) and Threat Connect (https://www.threatconnect.com/tapping-into-democratic-nation...). It's early days, but the evidence is there.
FYI, the Sony hack was very likely not committed by an insider (https://www.operationblockbuster.com/wp-content/uploads/2016...). DISCLAIMER: I worked with the team who did operation blockbuster.