Cyber espionage through Botnets

Botnets, the groups of illegally controlled infected devices on the Internet have had a history of two decades already. This history shows an evolution of the infection techniques, the scope of the target devices, and their usage. Thus, the new direction is the usage of sophisticated data leakage techniques by state-sponsored hacker groups. Our article analyses this evolution while focusing on Botnet usage for cyber espionage. We present the Botnet architecture in the context of network science research, lifecycle, applied network protocols, and capabilities. Next, we analyze two examples, the APT28 group activities and the VPNFilter Botnet, which demonstrate the real-life cyber espionage capability of this technique.