I work in a German institution. I was recently hacked by such a botnet (lessons learned: use AuthorizedKeys, allow only one SSH user, proxy all HTTP connections to a webhoster, and check your SSH and UFW logs often!)
It set up a virtual environment where it downloaded some kind of Tor node and ran some sort of code that used 100% of my CPU. My guess is crypto-mining. I purged the account and deleted everything before I could do forensics, but I checked the logs for the connections and they all came from Russia.
I remember there was a series of articles several years ago that German intelligence officers generated a lot of activity on far-right websites. To the point that frequently it was mostly undercover „extremists“ discussing between themselves.
The closest article I can quickly find is about German intelligence informants doing the same in meatspace though.
> There was a "risk that sources of the intelligence service (Office for the Protection of the Constitution) could goad each other on to undertake bigger actions;" in other words, the system threatened to create an "incendiary effect."