While we are speculating, there was this case of university students trying to introduce malicious commits in the kernel in order to test open source to such attack vectors. Perhaps this was similar "research" by some students.

https://www.cnx-software.com/2021/04/22/phd-students-willful...