Conclusions
"... claiming that almost all the scans came from just two IP addresses in China. As the post notes, however: “it's important not to jump to conclusions about the attacker's location simply by looking at an IP address."
Is it fairly easy for someone outside of China to set up a VPN service inside China and then use it to transfer large amounts of data from outside China to the VPN server and then back out to their own location?