Please note that while I work in this field I am not involved in this investigation in any way; all I know about the attack is what's been reported publicly.

Historically, most nation-state threat actors do not use ransomware. Almost all ransomware threat actors are financially motivated. If this attack were targeted at the pipeline company, I would have expected the attacker to take measures to be sure to get paid, rather than shut down the pipeline.

Based on what I know so far, I don't think that this specific threat actor is particularly low or high in sophistication. A low sophistication threat actor would have had challenges attacking these systems. A high sophistication threat actor would be attacking financial systems, or similar activity that has a higher percentage of success.

In other words, the threat actor probably regrets this attack due to not getting paid for success and due to the extra attention they will receive from law enforcement and private entities that work on attribution.