The Bondnet botnet has infected an estimated 15,000 Windows server computers worldwide. The botnet, dubbed Bond007.01, has been active since December 2016 and is reportedly mining Monero. The attackers have targeted Windows 2008 servers equipped with MySQL. The primary attack surface appears to be Windows RDP combined with brute force attacks against weak credentials. However, the potential of the Bondnet to be weaponized into something more sinister shows just how dangerous it is. It is managed and controlled remotely by the unknown users and thus can also form a DOS attack network, a ransomware net or be used for simple passive surveillance.”]
Source: https://securityaffairs.co/wordpress/58799/cyber-crime/bondnet-botnet.html