The attack seems to have got into your Pi via the Node-red editor. Your pi username and password were probably never used.
However, Node-red was just the point of entry. We have seen that the atack downloads and executes a binary file. We have no idea what else that might have done, but it's not unreasonable to imagine that it would have tried to identify and attack other devices on your network.
We know about the attack this time because it set the Node-red admin user name and password.
But we can't be sure this was the first time the attacker has been in your network.
As @dceejay says above: "at this point I would assume other parts of your machine have been compromised - and that it would be unsafe to continue to use it without completely wiping the SD card and starting again."
I hope the developers are thinking of ways to keep users with Node-red on small computers from using it unsafely in future.
