From what I understand a user(Lmao/Angled) was "sub-lemmy camping" (took up thousands of popular sub names and wasn't doing anything with them) so lemmy world banned him from that instance. He had a hissy fit and "vowed revenge" and has been attempting to do as much damage to .world as he/they could since. I can't find the original post but https://old.lemmy.world/post/943832 and https://old.lemmy.world/post/1720870 has a bit of detail.
My guess is it was to weasel his way into having mod control over as many subs as he could in hopes some would take off. This happened in June around the time reddit was having their blackout protests.
Doesn't give much on who and why, more on what/how along with dispelling some myths.
Whoever is doing it is very quickly walking through a list of expensive queries to use in their DDoS attacks. Lemmy.world is playing whack-a-mole instead of proactively rate limiting/mitigating expensive queries. It may be that all their time is spent diagnosing and fixing with none left for proactive fixes.
The fact that the attacks are evolving and always hitting expensive queries implies that it's a moderately skilled person/group familiar with the lemmy codebase.
You can speculate on motives as well as I can.
The net effect will be a more robust server and hopefully that code/knowledge is disseminated to other instances.