Is there really a failed login attempts? If it never calls the real functions of ssh in case of their own cert+payload why would sshd log anything or even register a login attempt? Or does the backdoor function hook in after sshd already logged stuff?
Also, in a more optimistic scenario without sockpuppets, it's unlikely that malicious and underhanded contributions will be caught by anyone that isn't a security researcher.
companies that abuse on call duty for planned maintenance suck. If it's something predictable or plannable, it's not on call. Hire people to work that day.
Yup. IMHO spam has become so good at mimicking genuine content, it's hard to recognize even for a human curator. There's so many websites in the top google results that I'm sure are entirely AI generated, which exist for the sole purpose to propagate affiliate links and ads.