Those two things are actually the same thing, both are wilfully ignoring situations like this.
Hanlon's Razor is a good first approximation or initial approach to a situation, not the end of the discussion. There are many situations where incompetence may appear to be an explanation, but is in fact not the root cause, and may even be being actively used as a cover for malicious actions.
The point of the razor is that it is up to us to sort out the difference, not to just jump to a conclusion that it is malice, or that it is incompetence.
In this case, Amazon has had plenty of time, resources, and skilled people to see the need and implement an escalation & resolution pathway. That they have so persistently failed to do so for so long indicates a cause beyond mere incompetence. Even if they are not being as actively malicious as the malware distributors, they clearly and actively DGAF.
So you are claiming that they have had so many opportunities to do the right thing, that they aren't merely incompetent, but are in bed with the evil doers? That would be a huge claim, to say the least.
Also, would you take that job?
Some poor support person probably got this and punted because they couldn't pattern match to something in their handbook.
For every thoughtful, detailed security report there are about 500 others that involve voices from appliances, self-xss, csrf on logout and 5G coronavirus. It is extremely difficult for L1 support to make sense of these. Having a support contract or attracting attention on the forums are decent ways to pop out from the background noise.
Poor communication channels happen even when folks don't want it to. Humans are bad at doing such things.
