Looks like the attacker has successfully launched another attack.  This time using the address 3EgSUauJG5N27AUfQwiUfjAhHe6y9AKdVs corresponding to the script:


This time the attacker managed to successfully fill the 20,000 sigOp limit for block #382053, where 1245x15 = 18675 are fake sigOps arising from the attack transactions.  This meant that no more transactions (legitimate or otherwise) could be included in the block, leading to an underfull block of ~288KB (of which ~68KB are the attack txs).  Note that the network is currently running at capacity, with 1MB or 750KB blocks the norm.

The new attack was limited to a single block.  Also the attacker used a low fee rate of ~18sat/byte.  A higher fee rate would have made the attack for effective (but more expensive).