I can't answer because I'm not sure about which mechanism you're thinking about. Would you mind elaborating the concept?

But as any mechanism: who's operating it, who's paying for it, what it's going to do, etc.

An idea is a state owned crawler that tries to get into any device inside the country and tells people that their device X is insecure because of Y and Z. I think there are already many of those crawlers around, but they don't warn people. Quite the opposite ;-)

I'm wondering whether it's possible to log IPs of attacking devices. From targets and from intermediaries. Then inform ISPs, and demand that they inform device owners. But yes, who would do that, and who would pay, are hard parts. Still, this was an expensive day for many providers.

Tells what people? How do you know who owns a device?

If you have an IP address, you can determine what ISP it's been assigned to. And ISPs typically know which accounts had which IPs at any given time.