Can't help much with the breach, but would suggest locking out ALL IP addresses from China. Not likely you have any legit users from there (then again you might, I don't know).

One thing for sure is that China is the source of a LOT of undesired internet traffic. Blocking out the complete range of IP addresses gets rid of the largest source of mischief.