According to the latest information made public by Wang Minghua, an operator with the National Computer Network Emergency Response Coordination Centre of China (CNCERT/CC), the attack seems to have been tied to by a single, amateur hacker from Qingdao in the Shandong province.
The attack was not made on purpose, he says, as the hacker was looking to DDoS a game server and has attack government servers by mistake. The authorities managed to track him down because he mounted the attack from his own IP address.
But, as South China Morning Post notes, it's still possible that this suspect is not the actual attacker.
In fact, not two weeks ago, an official statement from the authorities identified the attackers as a group of hackers with commercial interests who used a large botnet to mount the attack.
Why the sudden change of stance? It's difficult to say. But a Shangai-based cybersecurity expert said he had his doubts about the "lone hacker" theory, saying that the attack was simply too expensive to launch for random, amateur hackers.