"Once we had this information, we created a simple program that would query this database on a regular basis and log new infections with the goal of understanding the general profile of victims and potentially spotting new mistakes by the operators," the team wrote, noting they appear to have uncovered at least 10 potential "accounts used to test or develop the malware."

Quote

Sources

BitMEX thwarts supposed Lazarus attack, discovers group's IP addresses and 'significant lapses' in security