2025 Botnet Trends Report

NSFOCUS: 2025 Botnet Trends Report
Sou Hu Cai Jing· 2025-04-11 04:35
Group 1
- The core viewpoint of the report is that botnets are increasingly being used as tools in geopolitical conflicts, impacting critical infrastructure and influencing public opinion [16][22][25]
- Botnets are evolving into weapons for state-level cyber warfare, with significant DDoS attacks observed during major geopolitical events such as the Russia-Ukraine war and the Israel-Palestine conflict [16][22]
- The report highlights that botnets are being utilized by advanced persistent threat (APT) groups and ransomware gangs for intelligence gathering and launching subsequent attacks [17][39]

Group 2
- The report indicates that the Mirai botnet family is the most active, with a significant number of command and control (C&C) servers located in the United States [67][68]
- The infection methods for botnets include exploiting vulnerabilities in Linux/IoT platforms and using phishing emails for Windows platforms, with the U.S. having the highest number of infected devices [51][58]
- The report notes that botnets are increasingly employing advanced evasion techniques to avoid detection, such as using Domain Generation Algorithms (DGA) and DNS over HTTPS (DoH) [2][17]

Group 3
- New botnet families are emerging, showcasing unique functionalities and communication patterns, which pose increasing threats to cybersecurity [3][67]
- Active botnet groups like Hail and KekSec are frequently launching attacks, while new groups like Bigpanzi are also contributing to the evolving threat landscape [4][3]
- The report predicts that botnets will be used more efficiently by APT and ransomware groups for profit-driven activities, with enhanced stealth in their propagation methods [4][16]