Probably good source data with explanation of chain of custody that reasonably ensures those aren't fake. I.e. if they produce code and logs and other artifacts that definitely link something to Russia, I'd probably believe they didn't fake the logs, binaries, screenshots, etc. if reputable enough people vouch for it. Also, faking real data is very hard, so if after reasonable time of public inspection nobody calls it fake, I'd believe they are genuine. Then explanation how these source data demonstrate what is being proved (e.g. "this IP has accessed the remote backdoor on this server, and it's routing points to the IP being in Russia and registered to the provider known from this and this to be a company engaging in cybercrime on behalf of Russian government") that would be pretty convincing for me.
Pretty much the same process evidence undergoes on criminal trial. You present it, you get it through adversarial process, if it survives, we have some reasonable (though not 100%, as well known) chance it's true.
Of course, a prosecutor saying "well, we've seen the evidence and we conclude the defendant is guilty" would not fly very well in court. But that's mostly what we have here.
Pretty much the same process evidence undergoes on criminal trial. You present it, you get it through adversarial process, if it survives, we have some reasonable (though not 100%, as well known) chance it's true.
Of course, a prosecutor saying "well, we've seen the evidence and we conclude the defendant is guilty" would not fly very well in court. But that's mostly what we have here.