I'm just making a wild guess, but it was probably the North Korean Cyberattack Force. They have been behind some of the largest crypto heists before in order to get clams in the goverments coffers.
The blockchain analytics provider attributed the attack to the North Korean state-sponsored Lazarus Group, which it says has stolen more than $2 billion across several heists.
The linked article is inaccurate and misleading. Your wild guess is based on that.
Currently the best blockchain analytics publicly available about the incident is this by Moonstone, and even though it seems that the victim shared the secret key with them, nothing much is known due to the nature of the privacy coin. No way other analytics providers could tell more.
Check the original source and some of the comments there before making an irresponsible accusation like the attackers must be North Korean (or Russian, Muslim, Romany, …). A knee-jerk suggestion like that does not only promote unfair racism/stereotypes, but it helps cover up the real mastermind. Although, it’s not your fault that the article is misleading, and we can’t rule out any possibility including what you suggested. The real problem here is this confusing, poorly-written article…
Actually I based my wild guess at reporting that NPR did a couple of years back regarding different thefts of crypto and that the intelligence community determined it was a hacker group in North Korea that was supported and funded by their own government as a way to get around the sanctions.
My subsequent confirmation came from reading the article, but I already had the same suspicions, however I will admit my error if it indeed turns out it wasn't North Korea (haven't been able to read the links you provided yet)
Do you realise that the "real money" you're referring to isn't really even "money" anymore and a select few people in the world are able to generate unfathomable amounts by just typing a number into a computer and pressing enter?
You have to work for the "real money", they don't.