https://devlog.websafe.pl/2013/03/27/outdated-joomla-websites-with-jce-used-to-attack-beneficial-data-processing-corp-and-regions-financial-corporation/
This was the exact same situation for me, too.