What I've heard is they do/did a lot of explosive breaching. Then things like recoilless rifles, heavy machine guns or if you use a .50 caliber sniper rifle might further contribute to the situation.
I'm not sure if these types of units usually dive that deep that you would be worried about brain damage, but I'm less familiar with that side of things. Diving probably hasn't been that much of a focus during the recent years in the middle east either.
To me it would make more sense to add more eyeballs looking at what gets committed. For example, in this case who would you pay? The new (co-)maintainer was compromised and it would not help to pay him. Thus, in order for payments to help one would need to have some assurance that the person getting paid is not compromised. The easiest way to have some level of such assurance seems to be to pay ones own employees. This is of course not bulletproof, but certainly adds another layer to pulling something like this off.
At the same time, this attempt nicely illustrated that the chain is only as strong as the weakest link since, as I understand it, no part of the backdoor was committed to the git repository in cleartext. Instead, the part of the backdoor that was at least somewhat identifiable was only included in the tarballs that would be downloaded and used by Debian/Fedora when building the packages for these distributions, thus giving a very nice trade-off between the chance of someone detecting what was going on and the potential impact of the backdoor.
I'm not sure if these types of units usually dive that deep that you would be worried about brain damage, but I'm less familiar with that side of things. Diving probably hasn't been that much of a focus during the recent years in the middle east either.