KashmirBlack botnet started operating in November 2019 and has since infected thousands of websites. KashmirBlack attacks vulnerabilities in content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims. The researchers estimate that KashmirBlack infects about 700 vulnerable content management system servers each day, which could mean the botnet is responsible for 230,000 compromised servers. The botnet appears to have originated in Indonesia and is controlled by a hacking group called “PhantomGhost” The group also uses cloud services such as Dropbox and GitHub to hide the infrastructure from security tools.”]
Source: https://www.cuinfosecurity.com/kashmirblack-botnet-targets-content-management-systems-a-15243