Um, no. The reason they DDoS financial institutions is so they have a chance to cash out the stolen goods immediately. Stolen financial data has an expiration date and the DDoS extends that just long enough for it to be useful.
DDoS'ing github because you trojaned a source tree calls attention to the fact that you did it. Only the dumbest of all hackers would do such a thing and that is almost certainly NOT what is happening here. When you trojan a source tree, it only becomes useful after your intended victim downloads and installs it, which can take months or even years.
If you DDOS GitHub as a whole, how does that call attention to the one project a bad guy has trojaned?
If the project has mostly "commercial" developers then chances are they work on it during the week. DDOS GitHub during the week and let off for the weekend. That gives a few days worth for your trojan to be downloaded by the unsuspecting. People will also have tired hearing about the "github news" so new news about trojaning will take a little longer to disperse.