Sadly CAPTCHA is not good enough to stop spammers by itself. Most these days are paid humans using a script to help them register en masse, but their software pops up prompts to let them type in CAPTCHA, etc. It’s sickening to see some of the YouTube videos, but that’s the sad reality.
Have you found a pattern to the source? You may find it beneficial to block certain traffic at the firewall level, not even letting it reach ExpressionEngine. Also make sure you are requiring self-validation (though their software helps them make that quick too), and that you have not disabled any of ExpressionEngine’s security features, like “Secure Forms”, the CSRF protection. Lastly, you can augment the built-in CAPTCHA with a honeypot, or even better, a tool like Snaptcha.