They're basically making up reasons why they're not releasing the source code - things like "we're too busy to do the support work required when code is public - we don't have the resources for that".
They also release empty source code zipfiles with their binaries - presumably so they can claim it was all an accident that those files didn't actually have the source code in them - that there is no source code on github or anywhere else makes this a bit hard to swallow as an excuse.
I think such situations should be handled in a low key manner initially - giving them the opportunity to fix it without a public fuss and I think public shaming should be avoided at least initially private emails asking them to release the code is the right thing to do. There's no need to embarrass people if it can be avoided. Also the Internet is already full of enough angry mobs ruining reputations - I don't think online pitchforked crowds are something to be encouraged.
However, I've asked three times and heard nothing back. I asked once via github and they promptly shut down the issue section of their github project. I asked once via Twitter and no reply. I asked once via email and heard nothing back.
I don't care at all about the project or it's software but it bothers me that they're breaking the GPL. I'm no huge GPL warrior but I think if they don't want to conform to the GPL then they should not have built a major chunk of software on top of someone else's GPL project.
What should I do? I still think it would best be resolved by the project owners quietly fixing the problem without public shaming etc. On the other hand, since they don't reply, maybe that's the only option? What else can be done? Are there other ways to quietly handle this? Maybe there's some sort of legal expert in the field who would be willing to contact them on the quiet initially?
Surely for the project in question they're better off to be "the hero" who voluntarily announces the release of their source code, rather than the villain stealing and selling the GPL code of other people.
Also, as somebody else said, let the original authors know.
Funnily related: years ago I downloaded wordpress/joomla themes off bittorrent to study them. I was surprised to see that most/all of them were GPL-licensed, since they all were more-or-less based on some other GPL-licensed theme.
I could have just used them in prod no problem, worst case scenario I could remind them that the code is GPL-licensed.
GPL is just a license. Those who released the code in GPL still own the copyright. What happens next is their business.