
154 points mellosouls | 1 comment
1. saagarjha No.45190661
A bunch of commenters are confused about how this "blunder" even happened. I was too, except I recognized the company name. They have a history of making up or completely misunderstanding their own software. They make EDR products which trigger "events", except they don't really have the knowledge to triage them, so they come up with wild explanations for them that involve threat actors and anomalies which are not real. For example, earlier they posted this to their Twitter account: https://twitter.com/HuntressLabs/status/1865111713948852572

Anyone who knows anything about macOS knows that it is not possible to disable System Integrity Protection without rebooting into recovery (an environment that it is not possible to actually get events from). So their "detection" is just some random guy typing "csrutil disable" in their terminal and it doing absolutely nothing. I would not be surprised if there is some similar dumb explanation here that they missed, which would make for a substantially less interesting story.