Normally, attempts to get into my websites come largely from the USA and (inexplicably) France. The orthodoxy, I believe, is to assume that these US attacks are not really from the US, but are from US-based machines hijacked from Eastern Europe. (I don't know about the French thing. Nobody else seems to be specially targeted by the French, so I have seen no discussion on it).
I don't know what to make of the sudden prominence of Russian IPs. Have the US authorities cracked down on the hijacked machines? Are the new attacks reported as Russian and Ukrainian, actually now coming from hijackers physically located in the USA, in a kind of weird symmetry? Is it entirely chance?
I'll probably never know. I can only feel vaguely reassured that the software is doing its thing and nobody is complaining.