The IP addresses alone are no longer an indication of the source.
Multiple proxy servers are used to chain a connection. The endpoint could be anywhere.
I know proxies are used but hackers evenyptually make mistakes. You just create a table of them and look for the anomalies. Usually you will find them after looking for a bit. Serving the foreign companies that host the proxies sometimes works but often not.