Years ago, maybe 7 or 8 years, we had an attack at UtterAccess from an organized group. One group of people would join and post generic things, and then sometime later, a second person or persons would begin responding to those posts with their spam. It might have been the same people under different user names, but there were definitely more than one involved. At the time I believed they were part of a for hire group that sold "SEO boosting" on that basis.
Is it possible those older members were advanced scouts doing that same kind of thing? Is the time lapse between posts too long for that? Can you identify IPs for them?