Large scale cryptocurrency mining in 2017 strikes back.
Bondnet is basically a a botnet of thousands of compromised servers, ready to be used for attacks as well.
This compromised server infrastructure earns them about 30.000$/month .
The attacker behind Bondnet breaches the victims through a variety of public exploits and installs a Windows Management Interface (WMI) trojan that communicates with a Command and Control (C&C) server.
As it seems the mastermind and operator behind this is located in Hongkong/China.
A really in depth analysis of this can be found below: