Commodity malware campaigns achieve scale and persistence by recycling leaked government-grade exploits. Botnet operators use these advanced weapons to move laterally through internal networks.
## Recycling Leaked Cyber-Weapons
To maximize infection speed, cryptocurrency botnets like Smominru integrate potent exploit code originally developed by the National Security Agency (such as EternalBlue). When these weapons are leaked or published online, cybercriminals quickly adapt them to automate target penetration.
## Exploiting the Internal Perimeter
Malware uses recycled exploits to spread laterally from machine to machine within local networks. Once an initial boundary is breached, unpatched internal servers provide zero resistance. This lateral movement enables the botnet to compromise entire subnets without needing to penetrate external firewalls for each individual host.
**Cross-Domain Connections**: [[Monero Mining Botnets Cause Denials of Service]]
## Source
- [[Cryptocurrency Botnets Rendering Companies Inoperable]] — Ars Technica/Dan Goodin, 2018-02-03 — https://arstechnica.com/information-technology/2018/02/cryptocurrency-botnets-are-rendering-some-companies-unable-to-operate/