Malware escaping an AppVM sandbox: Risk vectors for dom0 from a compromised qube?

This might (or might not) be a (partial) answer:

In this case, what hypothetically happens is that the nation state actor is unable to remotely hack Dom0, but inserts code through a compromised VM which crashes Dom0 and the whole system. Then, this actor posts instructions on Stack Exchange or somewhere else for “fixing” the system in dracut, which modifies Dom0 (using search engine keywords that the victim would look for).

You can see that after “attempting to fix” using instructions found “somewhere” online before this forum was created, dom0:dm_43 - qubes_dom0-pool00_meta0 appears. I don’t know what that means and I’ve not seen it since. This could just be one scenario, or maybe just the paranoia of a Qubes user :upside_down_face: