It's possible that the victim did not have a virus or malware on his computer and there was no attacker stealing his private key.
It could be that someone just 'discovered' the private key as part of this project:
https://bitcointalk.org/index.php?topic=1573035.0and
https://lbc.cryptoguru.org/aboutWhat this project means is that the wallet software did not generate the private key in a truly random way.
This could be the result of incompetence/ignorance or maliciousness.
Unfortunately i don't think there is a way to link a privatekey with the wallet software that generated it.
So we'll never know who the bad actor is.