A malware developer suspected of operating out of China is in control of a botnet of 15,000 compromised Windows Server machines. He uses the botnet to mine for various crypto-currencies, and primarily Monero. The botnet is currently gaining and losing about 500 bots per day, with over 2,000 daily active bots. Researchers say the crook used various exploits and brute force attacks on computers with weak RDP credentials to grow his botnet. At the time of writing, Bondnet seems to be standing still, but server admins need to rethink security of their systems.
Source: https://www.bleepingcomputer.com/news/security/15k-botnet-mines-for-cryptocurrencies-on-vulnerable-windows-servers/