The first spike occurred in November 2015 and both sets of attacks were spread over the Propeller Ads Media network.
The latest wave of attacks is attributed to the integration of Flash exploit (CVE-2015-8651) into the EK, according to a Wednesday blog post. The previous wave was also linked to the integration of the then new Flash exploit (CVE-2015-7645).
Researchers also spotted a similar malvertising attack that was being spread via the AdsTerra network. Both campaigns were reported to their respective networks.
The Magnitude EK has a unique URL pattern that makes it easy to spot from the clutter of network traffic captures because it uses chained subdomains typically ending in a shady Top Level Domain like pw (Palau Pacific island), researchers said in November 2015 post.