This is not solution but attempt to understand what happening.
Litespeed using its own built-in version of mod_security (possible customized).
I don’t know how to determine what version of mod_security it contain but suspect this is not the latest one.
So this can be the answer why brute force is working on Apache but not working on Litespeed.
To help us to locate problem can you please check following:
- Because mod_security compiled-in there is possibility something broken in new LS version. Was the Litesped updated lately on your server?
- What Litesped mod_security log contains?