This is a classic example of phishing, so it's not Apple's fault. They should use a better browser next time.
Phishing isn't exactly right; it would be phishing if there had been an email sent out or a bad link seeded on search engines that was directing people to this fake login page.
This is different, because it is an attack relying on the Chinese government's Great Firewall control of the entire network to redirect requests to a particular IP address--one of the ones used by iCloud.com (apparently they're not currently targeting all of them)--to the scam site.
Such an attack could be instituted on any compromised network--for example, a bad-acting WiFi network, or a hacked corporate network, but it is not referred to as phishing in those cases, either; it's a Man In The Middle attack. Such an attack can often be foiled by the same means that phishing attacks are stopped--the security cert doesn't check out, for example, as in this case--but the method and vector of attack are entirely different, even if the end destination--a fake login page--is the same.
Phrased differently, if you get phished, you unwittingly log into http://www.iclud.com or scam.com/icloud.com or something of the sort. If you get MITM'd, you are logging into iCloud.com, but it isn't actually the server that's supposed to be behind iCloud.com. They're far more insidious.
----------
"Man-in-the-middle" can be anyone. No evil frame-up is beyond the Americans.
While theoretically possible, because of the way this attack is being carried out, it would require compromising the network at a very low level outside China's borders.
It's very easy for the Chinese government to do such redirect MITM attacks because of the Great Firewall. On the rest of the internet it certainly can be done--we've all read about the US government's wanton data scraping of traffic passing through hubs--but it would represent a new level of intrusive behavior of corrupting DNS/routing traffic directly rather than passive observation, something that would require both compliance by a major US network provider and cause global outrage from allied countries and the entire technology sector if they were caught, plus it would be additionally difficult to make it look like the redirect was being caused by the GFW and pointing to a PRC-controlled server.
Additionally, the PRC has an existing record of doing such things, while if it wasn't them they'd have every reason to deny it and point fingers for political points and the massive international embarrassment it would cause the US. It would also be additionally easy for them to prove that it wasn't them, since the redirect would by necessity have to happen in networks outside their borders.
Point being, while a false flag operation is hypothetically possible, it doesn't really pass the smell test for both technological and political reasons.