Googling for "dark" and "ManualulIngineruluiMecanic" shows a lot of user/password pairs. I'm guessing something is just going off of a list of previously leaked usernames/passwords.
This has been going on for years. Idiots. To reduce the annoyance, you can use fail2ban or run ssh on a non-standard port.<p>From 2007:<p><a href="http://www.techrepublic.com/blog/security/protect-ssh-from-brute-force-password-cracking-attacks/349" rel="nofollow">http://www.techrepublic.com/blog/security/protect-ssh-from-b...</a><p><a href="http://lwn.net/Articles/255651/" rel="nofollow">http://lwn.net/Articles/255651/</a>