Can you trace malware back to a specific keyboard?

A keyboard is not a typewriter. Keyboards produce scancodes that are interpreted by the software and mapped depending on your layout. When a key press produces a letter on your screen it's nothing more than the character value in its respective charset - keyboards don't leave "digital fingerprints" that could be traced back.

Instead, the author probably meant to say that they found strings or identifiers with Cyrillic letters in the source code. But such traces are easy to fake and wouldn't count as "hard evidence"; even metadata could have been planted.

Here's a similar case: After the Operation Aurora cyber attacks, analysts claimed they had found "Chinese source code" from which they concluded that the attack was led from China:

HBGary, a security firm, recently released a report in which they claim to have found some significant markers that might help identify the code developer. The firm also said that the code was Chinese language based but could not be specifically tied to any government entity.

Here, the case was actually stronger than the Cyrillic keyboard evidence as researchers could trace back parts of the code to a reference implementation that was only released in a Chinese paper:

Perhaps the most interesting aspect of this source code sample is that it is of Chinese origin, released as part of a Chinese-language paper on optimizing CRC algorithms for use in microcontrollers. [...] This CRC-16 implementation seems to be virtually unknown outside of China

(Source)


As already stated, it's quite impossible to track keyboards. In theory it's possible to have keyboards contain some ID number that is transferred to the operating system (much like how iTunes in the past knew what colour my iPod was), but appending that information to source code, Internet protocols or such so that it is traceable from the hacked system is certainly not reality. Otherwise we'd already have seen reports of it by those debugging their code or protocol messages.

I first thought about specific character encodings and it still could be the case. For example there are several parts in the ISO 8859 ("Latin") standard. Many characters have the same encoding in all parts, including those that are required for scripts and such to execute. Then any extra characters to the 8859 set might give us some clues. For example it might be that when interpreting the characters using part 5 (ISO 8859-5 Cyrillic) encoding, the extra characters make some sense.

Anyway, with the information at hand this is all just guessing. It may also be deliberately vague to give the impression that even your keyboards can be traced.
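The character-encoding idea from the answer above, sketched as an added example (not part of the original post): it pulls runs of non-ASCII bytes out of a blob, decodes them under several ISO 8859 parts, and checks which part yields words with a natural case pattern. The sample blob, the function names and the case-pattern heuristic are assumptions made for this illustration; a match only says how the strings were encoded, which, as the first answer notes, is easy to plant.

```python
import re

# ISO 8859 parts to try. They share the ASCII half and differ only above 0x7F.
CANDIDATES = ["iso8859_1", "iso8859_2", "iso8859_5", "iso8859_7"]

# Runs of three or more bytes from the upper, printable half of the code page.
HIGH_RUN = re.compile(rb"[\xa1-\xff]{3,}")

# Constructed sample: ASCII config-like strings mixed with Russian text that
# was stored as ISO 8859-5 bytes (hypothetical data, not from a real binary).
SAMPLE = (
    b"\x00\x01cfg.load\x00"
    + "Ошибка".encode("iso8859_5") + b" " + "подключения".encode("iso8859_5")
    + b"\x00retry=3\x00"
    + "Готово".encode("iso8859_5") + b"\x00"
)


def natural_word(word):
    """True if the word is all letters and cased the way real text is."""
    return word.isalpha() and (word.islower() or word.isupper() or word.istitle())


def score_encodings(blob):
    """Map each candidate encoding to (fraction of natural words, decoded runs)."""
    runs = HIGH_RUN.findall(blob)
    results = {}
    for enc in CANDIDATES:
        # Bytes undefined in a given part become U+FFFD and fail isalpha().
        words = [run.decode(enc, errors="replace") for run in runs]
        hits = sum(natural_word(w) for w in words)
        results[enc] = (hits / len(runs) if runs else 0.0, words)
    return results


def best_guess(blob):
    """Return the candidate encoding under which the high bytes read best."""
    scores = score_encodings(blob)
    return max(scores, key=lambda enc: scores[enc][0])


if __name__ == "__main__":
    for enc, (score, words) in score_encodings(SAMPLE).items():
        print(f"{enc:10} {score:.2f} {words}")
    print("best guess:", best_guess(SAMPLE))
```

The heuristic works here because lowercase Cyrillic in ISO 8859-5 spans 0xD0-0xEF, a range that the Latin parts split between upper- and lowercase letters, so a wrong decoding shows up as randomly mixed case.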