The first user I looked at from the repository mentioned in the article did all ...

The first user I looked at from the repository mentioned in the article did all of the above. Spam PRs in someone else’s repo, spam PRs in their own (fake) repo, spam PRs in a sock puppet’s (also fake) repo. The only thing they haven’t tried is writing a legitimate PR.