continuum
Immortal

Is it possible to run partedUtil, fdisk or dd commands via the RabbitMQ Api ?

I am looking into a case of suspected sabotage and need to know whether this API

https://www.rabbitmq.com/management.html

allows using commands like partedUtil, fdisk or dd.
Thanks


________________________________________________
Do you need support with a VMFS recovery problem ? - send a message via skype "sanbarrow"
I do not support Workstation 16 at this time ...

7 Replies
bspagna89
Hot Shot

Can't answer whether it's possible or not. I'd assume you can make it log in via root or another user and issue those commands.

Is the host still operational that we can check the auth log to see if it logged in at a certain time?

SSH in -> cat /var/log/auth.log

New blog - https://virtualizeme.org/
continuum
Immortal

I am checking that right now.
The damage was done in about 5 seconds so I expect that only commands like partedUtil or dd can do such a damage.


bspagna89
Hot Shot

See anything in the auth logs?

continuum
Immortal

I do not understand this:

2014-11-27T20:14:30Z sshd[11179896]: Received disconnect from w.x.y.z: 11:
2014-11-27T20:14:30Z sshd[11179896]: pam_unix(system-auth-generic:session): session closed for user root
2014-11-27T20:14:40Z sshd[11179951]: Connection from w.x.y.z port 43291
2014-11-27T20:14:41Z sshd[11179951]: Address w.x.y.z maps to knownhost.somewhere.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
2014-11-27T20:14:41Z sshd[11179951]: Failed password for root from w.x.y.z port 43291 ssh2
2014-11-27T20:14:41Z sshd[11179954]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:14:41Z sshd[11179954]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:14:41Z sshd[11179951]: Accepted keyboard-interactive/pam for root from w.x.y.z port 43291 ssh2
2014-11-27T20:14:41Z sshd[11179951]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:14:41Z sshd[11179951]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:14:41Z sshd[11179951]: pam_unix(system-auth-generic:session): session opened for user root by (uid=0)
2014-11-27T20:14:41Z sshd[11179951]: User 'root' running command 'vim-cmd vmsvc/get.summary 58'
2014-11-27T20:14:43Z sshd[11179951]: User 'root' running command 'vim-cmd vmsvc/get.guest 58'
2014-11-27T20:14:44Z sshd[11179951]: Received disconnect from w.x.y.z: 11:
2014-11-27T20:14:44Z sshd[11179951]: pam_unix(system-auth-generic:session): session closed for user root
2014-11-27T20:15:26Z sshd[11180127]: Connection from w.x.y.z port 43787
2014-11-27T20:15:27Z sshd[11180127]: Address w.x.y.z maps to knownhost.somewhere.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
2014-11-27T20:15:27Z sshd[11180127]: Failed password for root from w.x.y.z port 43787 ssh2
2014-11-27T20:15:27Z sshd[11180130]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:15:27Z sshd[11180130]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:15:27Z sshd[11180127]: Accepted keyboard-interactive/pam for root from w.x.y.z port 43787 ssh2
2014-11-27T20:15:27Z sshd[11180127]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:15:27Z sshd[11180127]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:15:27Z sshd[11180127]: pam_unix(system-auth-generic:session): session opened for user root by (uid=0)
2014-11-27T20:15:28Z sshd[11180127]: User 'root' running command 'vim-cmd vmsvc/get.summary 58'
2014-11-27T20:15:29Z sshd[11180127]: User 'root' running command 'vim-cmd vmsvc/get.guest 58'
2014-11-27T20:15:31Z sshd[11180127]: Received disconnect from w.x.y.z: 11:
2014-11-27T20:15:31Z sshd[11180127]: pam_unix(system-auth-generic:session): session closed for user root
2014-11-27T20:20:20Z sshd[5512189]: Connection from otherhost port 47075
2014-11-27T20:20:21Z sshd[5512189]: Received disconnect from otherhost: 11: Bye Bye
2014-11-27T20:30:29Z sshd[11182883]: Connection from w.x.y.z port 54650
2014-11-27T20:30:30Z sshd[11182883]: Address w.x.y.z maps to knownhost.somewhere.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
2014-11-27T20:30:30Z sshd[11182883]: Failed password for root from w.x.y.z port 54650 ssh2
2014-11-27T20:30:30Z sshd[11182886]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:30:30Z sshd[11182886]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:30:30Z sshd[11182883]: Accepted keyboard-interactive/pam for root from w.x.y.z port 54650 ssh2
2014-11-27T20:30:30Z sshd[11182883]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:30:30Z sshd[11182883]: pam_per_user: create_subrequest_handle(): creating new subrequest (user="root", service="system-auth-generic")
2014-11-27T20:30:30Z sshd[11182883]: pam_unix(system-auth-generic:session): session opened for user root by (uid=0)
2014-11-27T20:30:30Z sshd[11182883]: User 'root' running command 'vim-cmd vmsvc/power.suspend 252'
2014-11-27T20:33:56Z sshd[11182883]: Received disconnect from w.x.y.z: 11:


Failed logins follow successful logins in such a fast sequence that I cannot make head or tail of it.


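The sshd excerpt above is hard to read because the PAM helper lines (a different sshd pid) and the "Failed password" / "Accepted keyboard-interactive/pam" entries of one connection are interleaved. The script below is an added example, not part of the thread and not VMware's code. It groups ESXi auth.log lines by sshd pid so that each connection's login attempts, the commands sshd logged for it, and its disconnect are read together, and it flags the partedUtil, fdisk or dd invocations the thread is looking for. The log sample inside it is constructed in the same format as the excerpt (addresses, pids and the dd command line are made up), and the DESTRUCTIVE list is an assumption to extend for your own case.

```python
"""Group ESXi sshd auth.log lines into per-connection sessions.

Added example, not from the thread or from VMware. Assumes the ESXi 5.x
sshd format seen above: "<ISO-8601 timestamp>Z sshd[<pid>]: <message>".
"""
import os
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

LINE_RE = re.compile(r"^(?P<ts>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT_RE = re.compile(r"^Connection from (?P<src>\S+) port (?P<port>\d+)")
FAILED_RE = re.compile(r"^Failed password for (?P<user>\S+) from ")
ACCEPTED_RE = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from ")
COMMAND_RE = re.compile(r"^User '(?P<user>[^']+)' running command '(?P<cmd>.*)'$")
DISCONNECT_RE = re.compile(r"^Received disconnect from ")

# Tools the thread asks about (assumption: extend this set for your own case).
DESTRUCTIVE = {"partedUtil", "fdisk", "dd"}


@dataclass
class Session:
    pid: str
    first_seen: str
    last_seen: str
    source: Optional[str] = None          # "addr:port" from "Connection from"
    user: Optional[str] = None
    failed: int = 0                       # number of "Failed password" entries
    accepted: Optional[str] = None        # auth method of the successful login
    commands: List[str] = field(default_factory=list)
    disconnected: bool = False

    def destructive_commands(self) -> List[str]:
        """Commands whose program name (path stripped) is in DESTRUCTIVE."""
        hits = []
        for cmd in self.commands:
            tokens = cmd.split()
            if tokens and os.path.basename(tokens[0]) in DESTRUCTIVE:
                hits.append(cmd)
        return hits


def parse_sessions(lines: List[str]) -> List[Session]:
    """Return one Session per sshd pid, in order of first appearance."""
    sessions: Dict[str, Session] = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # not an sshd line, ignore it
        ts, pid, msg = m.group("ts", "pid", "msg")
        s = sessions.get(pid)
        if s is None:
            s = sessions[pid] = Session(pid=pid, first_seen=ts, last_seen=ts)
        s.last_seen = ts
        if c := CONNECT_RE.match(msg):
            s.source = f"{c['src']}:{c['port']}"
        elif f := FAILED_RE.match(msg):
            s.failed += 1
            s.user = f["user"]
        elif a := ACCEPTED_RE.match(msg):
            s.accepted = a["method"]
            s.user = a["user"]
        elif k := COMMAND_RE.match(msg):
            s.commands.append(k["cmd"])
        elif DISCONNECT_RE.match(msg):
            s.disconnected = True
    return list(sessions.values())


def report(sessions: List[Session]) -> List[str]:
    """One summary line per real connection; bare PAM helper pids are skipped."""
    out = []
    for s in sessions:
        if not (s.source or s.accepted or s.commands):
            continue
        flag = " DESTRUCTIVE" if s.destructive_commands() else ""
        out.append(f"{s.first_seen}..{s.last_seen} pid={s.pid} from={s.source} "
                   f"user={s.user} failed={s.failed} via={s.accepted or 'no login'} "
                   f"cmds={s.commands}{flag}")
    return out


# Constructed sample in the format of the excerpt above; addresses, pids
# and the dd command line are made up for this example.
SAMPLE_LOG = """\
2014-11-27T20:14:40Z sshd[11179951]: Connection from 10.0.0.5 port 43291
2014-11-27T20:14:41Z sshd[11179951]: Failed password for root from 10.0.0.5 port 43291 ssh2
2014-11-27T20:14:41Z sshd[11179954]: pam_per_user: create_subrequest_handle(): doing map lookup for user "root"
2014-11-27T20:14:41Z sshd[11179951]: Accepted keyboard-interactive/pam for root from 10.0.0.5 port 43291 ssh2
2014-11-27T20:14:41Z sshd[11179951]: User 'root' running command 'vim-cmd vmsvc/get.summary 58'
2014-11-27T20:14:43Z sshd[11179951]: User 'root' running command 'vim-cmd vmsvc/get.guest 58'
2014-11-27T20:14:44Z sshd[11179951]: Received disconnect from 10.0.0.5: 11:
2014-11-27T20:20:20Z sshd[5512189]: Connection from 10.0.0.9 port 47075
2014-11-27T20:20:21Z sshd[5512189]: Received disconnect from 10.0.0.9: 11: Bye Bye
2014-11-27T20:30:29Z sshd[11182883]: Connection from 10.0.0.5 port 54650
2014-11-27T20:30:30Z sshd[11182883]: Accepted keyboard-interactive/pam for root from 10.0.0.5 port 54650 ssh2
2014-11-27T20:30:30Z sshd[11182883]: User 'root' running command 'dd if=/dev/zero of=/dev/disks/EXAMPLE bs=1M count=10'
2014-11-27T20:30:35Z sshd[11182883]: Received disconnect from 10.0.0.5: 11:
"""

if __name__ == "__main__":
    print("\n".join(report(parse_sessions(SAMPLE_LOG.splitlines()))))
```

Run it against a copy of /var/log/auth.log taken off the host (`parse_sessions(open(path).readlines())`). Note what it can and cannot see: the "Failed password" and "Accepted" lines in the excerpt share one pid and one second, so keying on pid is what makes that pairing visible; the script only knows the commands that sshd itself recorded in "running command" lines, so anything typed in an interactive shell has to come from shell.log, as the next reply says.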
bspagna89
Hot Shot

That looks strange to me as well. What does the shell log say? cat /var/log/shell.log

It should list the last commands that were issued.

continuum
Immortal

I looked for the shell.log first of all - I even looked for deleted shell.logs but nothing that would help could be found.


bspagna89
Hot Shot

I'm assuming no hostd / vpxa logs as well?
