as a way of junking all the data I thought of rebuilding the NAS from RAID1 to RAID0 using the Admin Console, and then reverting to RAID1 but I guess (a) this doesn't necessarily reformat (so data still "exists") and (b) the RAID controller / MoBo is probably flashable and therefore could have been exposed to a hack anyway?
Rebuilding the RAID as suggested is certainly an easy way to trash your data.... but it's not going to solve the problem of what might be going on at embedded OS level.
I think the chances of the Motherboard being targetted are fairly slim in this scenario .... more likely is that the OS was targetted in order to attempt to ensure a backdoor remained available.