I've monitored this activity on my forum, and it seems one IP will do one login attempt, to two different accounts, about 10 minutes apart and then go away for a couple of hours before coming back to do the same again. In between these visits, other IPs do the same, with similar intervals to different accounts. All together it adds up to tens, even hundreds of attempts a day - but it's really really hard totell apart legit attempts from the bots, other than the fact that it seems a notable portion of the bot IPs belong to TOR networks.
Most probably their only goal is to collect login+pw pairs, to be used elsewhere for more sinister purposes and targeted attacks.