I don’t believe Debian is susceptible to worms — it wasn’t even susceptible to last year’s xz attack — and if you have a network firewall with port forwarding disabled, there is no way in unless your router’s firmware is compromised. If you’re running any community driven software like, for example, game plugins for servers you’re hosting, those could be suspect. Anything not FOSS is also a suspect. Otherwise, if you’ve already done a secure wipe (using dd, hdparm/nvme, or your UEFI) and used another motherboard then it probably isn’t your firmware that is compromised. You mentioned SSH and credential reuse, so this leads me to think a device on your network, like an IoT device (thermometer, baby monitor, home assistant, Roku, etc.) could be infected with malware. You really can’t trust these things to have any security whatsoever and they need to be placed on a segmented or guest network. This attack honestly seems very immature, something a script kiddie would do, or perhaps it is automated. On that note, automation loves vulnerabilities, so if you forgot to change the default credential on your router for example, I would fix that. Make sure everything is on the latest version and patch everything. I would also start suspecting neighbors and juvenile kids around high school age. If nothing else works then I would do a full Mr. Robot wipe down ;)