XMLRPC compared to wp-login as an attack target in WordPress. Which is more frequently attacked and how to protect your site against brute force attacks.
Regarding US XMLRPC and Amazon —
One possibility is that 36 servers at Amazon EC2 have been compromised and they have been used to launch a very rapid and wide-spread brute force attack during the past 2 weeks. That attack generated over 144 million failed login attempts across the sites we monitor.
An alternative theory is that a developer may be using EC2 to host an application that is trying to sign into WordPress websites using XMLRPC. The application may not handle bad user credentials correctly and may just keep retrying.