
Hacked MacBook Pro (2019) and iCloud/iPhones

My MacBook Pro was hacked by a “trusted party” to allow remote access to the device, and to present as if I were admin while only allowing front-end admin activity. Multi-step hacking of all Apple devices hooked to the cloud, as well as an evil twin hack of my Google mesh network.

Be careful who you trust. Anyway, the tech wiped the MacBook and installed Mojave, but how do I prevent another remote hack being installed on the Mac? I was told by a cyber security person that once remotely hacked, you are always susceptible to the same.


The iPhones are being replaced, I won’t link any to my current iCloud account, and will change default network password and utilize a bypass mesh system with absolutely no one gaining access to password. What else can I do, other than use the Mac as a paperweight and buy new? I’d hate to have to start all over with this mess of tossing modem/router, mesh, and all smart devices linked to the hacked system. Gah!

Posted on Dec 22, 2021 6:28 PM


8 replies

Dec 23, 2021 9:19 PM in response to steve359

I didn’t see any of this until the “evil twin” router that masked devices with faux MAC addresses was removed from the network. That just happened to be the same time the soon-to-be-ex moved out. Then I could see the display was a snapshot in time. It is difficult to explain unless you see it. I would open my phone and find folders of apps scrolling left and right, my Photos app would be scrolling back as I reopened it to grab the most recent photo, my cell stats showed a reset in June of 2017 (the 13 Pro Max has been 3 months in my possession, and I’ve reset cell stats traveling internationally many times since 2017 regardless). The phone would get so hot to the touch, as would the Apple Watch with cell service. There’s so much more. The external “network” showing a PC, which I will upload the photo of here. It isn’t even a Mac iOS format. None of what was visible as the hacking began to expose itself was-and it is super creepy :\

Dec 23, 2021 9:09 PM in response to Kurt Lang

Someone & trusted party are one and the same. The system had to be erased and the OS installed from disc recovery to erase whatever code was added that is not meant for a Mac. The Genius Bar tech didn’t try it, a 3rd party technician did (and it seems successful).


I had originally turned off the router function of the modem (Arris) and hardwired a mesh router to the modem. I now have all new equipment aside from that beloved MacBook. :) Thank you for your responses. This has been a chore but I learned a valuable lesson.

Dec 23, 2021 4:26 PM in response to Kurt Lang

Yet more info I forgot.


If you don't want to be so mean as to permanently lock unknown devices, you can do two other things. One, remotely erase it, which is almost the same as putting it into lost mode. Or, simply remove it from the list. Though this isn't quite as easy as it sounds. The device must be offline (logged out) before you can remove it.


So really, the only way to kick this person out of your account, if they won't voluntarily log out, is to remotely erase and lock it.


If they voluntarily log out, immediately change the password of your account so they can't log back in. No matter how much of a friend this person is or how much you trust them, they have no business being in your account. Anything you do, they can see. Pictures, contacts, texts, etc.


Make sure while you're in iCloud.com to check that only your devices and/or phone numbers are listed as trusted. No one but you should be getting notifications that someone has tried to enter your account without your knowledge. Also, make sure 2FA is set up. If it already is, assume the friend already knows the answers. Change all of them so only you know the answers.

Dec 23, 2021 2:41 PM in response to NBF1719

steve359 has started with some excellent points. Here's more as I can guess from what you've written.

The tech adviser I spoke with at the “Genius Bar” didn’t even attempt an actual wiping and reloading of the system through disk recovery (I was not able to access this function). She clicked through settings to erase and reinstall the operating system.

Then a wipe is what she did.

She couldn’t identify who at Apple may be able to observe the activity monitor and ID anything malicious and not part of Apple OS.

Apple doesn't, and can't monitor your devices. The most they do is send an automated email to the address in your account if anyone has logged in from a device that hasn't been used to do so before. And that can even be the same as an already trusted device, except after a completed OS upgrade. It's still considered different enough to let you know.

Someone coded my MacBook to be in enterprise system with me as a front end admin only, … but again, trusted friend was making some “adjustments” to the Mac to get it to work better with the wifi (derp). Close friend AND a network/cloud engineer.

First you say "someone", which suggests you don't know the person, but then say it's a close and trusted friend. Same person? Regardless, it was a complete waste of time and fully unnecessary to set up your Mac as an enterprise managed system. Personally, I would never let this friend touch any of my devices again. Ever.

Anyway, cyber risk not with apple (shockingly apple doesn’t have any such thing) was the source of advising the Mac and phone are at risk of further hacking due to have the registry?

No Apple product has a registry. That's a Windows only thing.

There was a breach of my work NDS by logging on via the Mac, also.

Can't comment there. Who knows what may have happened after you let whoever it was have remote access to your desktop. But that should be gone now since the Apple employee wiped the Mac.

Going even further back: My router was hacked by friend knowing the password, devices were named as other devices, assigned faux MAC #s,

Not really a hack when the friend knew everything they needed to get into the router's settings. You have two choices here:

  1. Replace the router. It will have a new admin name and password, and new wireless passwords. The "friend" won't know what these are and will no longer be able to access your router's signal.
  2. Free method. Reset the router per the owner's manual. Anything they did will be wiped away and the router's settings will all be back to the defaults. Problem, the "friend" knows how to log back in. Change it so s/he can't. After resetting the router, it will boot back up. Immediately go into the router's settings pages via the browser (normally 192.168.0.1 as the web address). Go directly to the wireless settings and turn them off. Both the 2.4 and 5 GHz bands if it has both. Now that this "friend" can't see what you're doing, first change the default login to something else. Ignore the defaults on the sticker. S/he knows these. Change both the admin name and the password, both as something difficult to guess. Write these down so you remember them. Do not let anyone else know what these are. Apply the changes. The router may restart. Next, change the wireless passwords. Again, s/he knows these, and you want to keep them completely off your system. Put in new, difficult to guess passwords. Do not let anyone else know what these are. You will need these to connect your wireless devices to your router, like your TV, TiVo, DVD/Blu-ray player, and anything else you have that needs to talk to the router wirelessly. Turn wireless back on and apply the changes. Exit the settings.
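As an added check (example code, not from the thread or from Apple) for the concern above that the Mac had been turned into an enterprise-managed system with remote access: a read-only script to run on the Mac after the wipe that reports MDM enrollment, SSH Remote Login, and admin accounts you did not expect. The command names are real macOS tools; the output formats they are parsed against are assumed from their documentation.

```shell
#!/bin/bash
# Added example, not code from the thread: a read-only audit of a Mac for the
# management and remote-access settings discussed above. Run on the Mac itself
# as root; the parse helpers are pure shell and run anywhere for testing.
# Assumes macOS 10.13.4+ (for `profiles status -type enrollment`) and the
# documented output formats of the commands used.

# True (exit 0) when `profiles status -type enrollment` output reports MDM
# enrollment, e.g. "MDM enrollment: Yes (User Approved)".
mdm_enrolled() {
    printf '%s\n' "$1" | grep -Eiq '^MDM enrollment: *Yes'
}

# True when `systemsetup -getremotelogin` output is "Remote Login: On" (SSH).
remote_login_on() {
    printf '%s\n' "$1" | grep -Eiq '^Remote Login: *On'
}

# From `dscl . -read /Groups/admin GroupMembership` output, print the admin
# accounts that are not in the space-separated expected list ($2).
unexpected_admins() {
    local members expected="$2" user out=""
    members=$(printf '%s\n' "$1" | sed -n 's/^GroupMembership: *//p')
    for user in $members; do
        case " $expected " in
            *" $user "*) ;;          # expected admin, ignore
            *) out="$out$user " ;;   # anything else is worth a look
        esac
    done
    printf '%s' "${out% }"
}

audit_mac() {
    local enroll rlogin admins extra
    enroll=$(profiles status -type enrollment 2>/dev/null)
    rlogin=$(systemsetup -getremotelogin 2>/dev/null)
    admins=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)
    if mdm_enrolled "$enroll"; then echo "WARN: Mac is MDM-enrolled: $enroll"; fi
    if remote_login_on "$rlogin"; then echo "WARN: SSH Remote Login is enabled"; fi
    extra=$(unexpected_admins "$admins" "root ${SUDO_USER:-$(id -un)}")
    if [ -n "$extra" ]; then echo "WARN: unexpected admin accounts: $extra"; fi
    # Configuration profiles can carry management payloads; list what is installed.
    profiles list 2>/dev/null
}

# Only run the live checks on macOS; the helpers above work on any shell.
if [ "$(uname)" = Darwin ]; then audit_mac; fi
```

Any WARN line is a reason to look closer; a freshly wiped personal Mac should show no MDM enrollment, Remote Login off, and only your own account plus root as admins.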

Dec 22, 2021 6:44 PM in response to NBF1719

The tech person you spoke to is the worst kind of idiot. And I'm being polite.


No idea who you mean by a "trusted party", and without a specific name of who this was, we can't determine what may have happened. But as a guess, you responded to a scam email/message/text that claimed your device was compromised and to call a number shown to get help NOW, NOW, NOW! You then let some crook at the number have control of your desktop.


But no, your devices are not compromised forever. That's insane and 100% wrong. Your Apple ID? Yes, that's a possible problem, but not the hardware itself.


Replacing your phones is not necessary. At all. Not even a little. If you log in to the compromised iCloud account with the new phones, they will have the exact same problems, since it's the account they got into. They may have accessed the router (which is part of the mesh) and changed its settings.


Regardless, all of this is fixable. The Mac has already been set back to factory condition. There's nothing wrong with it. To fix the modem and mesh system, follow the instructions for each to reset them to their original factory state. Any changes the crook made to them will be gone. As far as the phones go, easiest would be to abandon your old account and start a new one. If you have a lot of purchased App Store items and/or iTunes music, you will lose them if you do this. Yes, you can fix it, but that will take more work.


Main point is, you do not need to replace any of your hardware. It will do nothing to solve the issue you can't fix with what you have.

Dec 22, 2021 11:56 PM in response to Kurt Lang

The tech adviser I spoke with at the “Genius Bar” didn’t even attempt an actual wiping and reloading of the system through disk recovery (I was not able to access this function). She clicked through settings to erase and reinstall the operating system. She couldn’t identify who at Apple may be able to observe the activity monitor and ID anything malicious and not part of Apple OS… She was an idiot in that she offered the tech support anyone at home can attempt, without any knowledge at all.


Someone coded my MacBook to be in an enterprise system with me as a front-end admin only, assigned back-end admins with full authority, set rules for the system to never fully shut down or sleep, mirrored my screen to capture work info and whatever boring info I possess privately, and connected the system to a remote network linked to a remote PC. I saw the human “do the thing” (change my admin settings and system settings in sudo to access remotely), but again, a trusted friend was making some “adjustments” to the Mac to get it to work better with the wifi (derp). I didn’t even ask. I don’t click on suspicious anything, but should choose better friends. Close friend AND a network/cloud engineer.


Anyway, cyber risk not with apple (shockingly apple doesn’t have any such thing) was the source of advising the Mac and phone are at risk of further hacking due to have the registry? details. There was a breach of my work NDS by logging on via the Mac, also.


Going even further back: My router was hacked by a friend knowing the password, devices were named as other devices, assigned faux MAC #s, then I later bypassed the crappy router, added Google mesh, which was then evil twin hacked (this one was my bad, had not a clue what it was), and of course, the iPhone and MacBook were also… hacked. In person. I discovered all of this at the same time, I promise I am not that blind. Soon-to-be ex removed wired devices (masked as other devices) from the router and… here we are.


Remote access to both Mac and iPhones (have had 3 since iCloud breach), and the longevity of the access via iCloud account (back to at least 2017, likely 2014), mean (from your comments) that I have to keep my compromised iCloud separate from the new/clean devices moving forward and start with a new account. Not a big deal, I suppose. I’m still worried about the MacBook. I’ll take your word for it unless I find otherwise, however. I’d rather not toss this thing in the trash. Thanks!

Dec 23, 2021 12:58 AM in response to NBF1719

mirrored my screen to capture work info and whatever boring info I possess privately, and connected the system to a remote network linked to a remote PC


If you do not own and did not set up that remote server that was more than suspicious.


I didn't even ask.


Why not?


Why was this activity started? Did an email tell you your system was compromised ("we determined this at distance")? Or did you want to bypass some access that your "enterprise" put in place because it is theirs ... you did not mention if the "enterprise setting" was newly introduced or existed when it was given to you?


You mention a person at the Genius Bar who helped ... I hope you originated this at a physical location to know who was working. The Apple Genius Bar would likely have installed a full clean system.


As advised, stop using accounts that are in question and accept the rebuild costs.

Dec 23, 2021 2:38 PM in response to Kurt Lang

then I later bypassed the crappy router, added google mesh-which was then evil twin hacked (this one was my bad-had not a clue what it was), and of course, the iPhone and MacBook were also…hacked.

Bypassed? Normally, a mesh connects to your router. That's the entire point of a mesh - to expand the wireless signal around your home. So, quite naturally, it is affected by the same garbage your router was changed to. Reset the mesh back to its hardware defaults. Reconnect it to your newly reconfigured router.

Remote access to both Mac and iPhones (have had 3 since iCloud breach), and the longevity of the access via iCloud account (back to at least 2017, likely 2014), mean (from your comments) that I have to keep my compromised iCloud separate from the new/clean devices moving forward and start with a new account.

This is the harder part. Main question. Can you log in to your Apple ID at icloud.com? If so, then this person hasn't changed the password. Do so before they do. If they have changed it, then yes, your iPhones probably will be useless since you won't be able to log them out of your account. They'll be forever stuck under the "friend's" control.


If you can login, click on the Account Setting link. If there are any devices you don't recognize, these are the ones the person who climbed into your account is using. Click on each one and set them to lost mode (activation lock). They'll never be able to use their Apple devices again. Serves them right. Leave them like that in your account so they remain locked. Change your password to something difficult to guess. Log your iPhones out and then back in with the new password.


But the point here is you do not need to spend money on new phones. Keep the ones you have.

Not a big deal, I suppose. I’m still worried about the MacBook.

The MacBook is fine.
