In that case it sounds like the last waves of malicious reset attempts happened after the patch was put in place