According to the CEO’s tweet, he claims that the size of this attack suggests that a state actor could be behind it, meaning that the hack could have been backed up by the resources of a country’s government. He also implied that China could have been behind it, due to the majority of the IP addresses coming from the country, and how it has also coincidentally lined up with the ongoing protests in Hong Kong.
There is no way to know if this was a directive of China’s government, although it would not be the first time China has been accused of doing something like this. Years ago, also in another series of protests in Hong Kong, social media that was once freely accessible was temporarily blocked as apparently the Chinese government did not want its citizens to see what was going on in Hong Kong.
IP addresses coming mostly from China. Historically, all state actor-sized DDoS (200-400 Gb/s of junk) we experienced coincided in time with protests in Hong Kong (coordinated on @telegram). This case was not an exception.
— Pavel Durov (@durov) June 12, 2019
As to why Telegram was targeted, it is because the app uses encryption to protect its messages from being read, which is why it was favored amongst protestors who could use it to coordinate their activities without tipping their hand to the authorities.