[gcommer]

Assuming the attacker is indeed China:

If the goal was only to block Greatfire for non-VPN users, then they could just use the GFW for that from the start. The use of a DDoS can only imply that China wants the site offline for everyone, even VPN users.

[frankchn]

I think Greatfire is evading the GFW by hiding their mirrored content behind innocent looking websites such that the GFW does not block it. Once the censors discovers a Greatfire node, they block it, but then Greatfire just moves on to another IP address or domain name.

With this DDoS, they are taking the different route of attacking the infrastructure of Greatfire such that they can't serve traffic from China at all. Causing massive bills and outages for Greatfire is probably a bonus, but I don't think that is their main intention.