I think after being compromised, safest course of action to get back to production would always be to rebuild everything, starting from installing a fresh OS. I think the article was a bit vague about this part.