Malware hunters often say that it's really hard to point the finger at who's behind a cyberattack or a specific piece of malicious software—what's known in the cybersecurity community as "attribution." Hackers, especially if they work for a government, go to great lengths to obfuscate who they are and who employs them.
But sometimes hackers make mistakes, even blatant ones like leaving a link to the website of the company that developed the malware in the malware code itself. It would be like a burglar broke into your home and left their business card behind.
That's what happened with a piece of Android malware designed to spy on its victims that turned up in Asia last year. Security company BitDefender found the spyware and noted at the time that it seemed to "have been developed by Italian speakers targeting specific Android devices, selecting their victims based on their devices' IMEI codes," without going farther in its attribution.