I doubt that; they most likely were just a bunch of nerds who recognised the cheap routers and discovered the vulnerabilities from just playing around with a laptop and something like Kali Linux.
The malware integrated with the SWIFT software, printed manipulated printed receipts, ...
While it is not impossible that someone random was careful and clever enough to observe all the details necessary by watching the system for a while, what is known publicly about the attack IMHO looks more like someone prepared for an attack against SWIFT and then found a vulnerable endpoint.
While it is not impossible that someone random was careful and clever enough to observe all the details necessary by watching the system for a while, what is known publicly about the attack IMHO looks more like someone prepared for an attack against SWIFT and then found a vulnerable endpoint.