This article from Wired is well worth a read if you can spare 10-15 minutes. It gives good insight into the race to find the programmers that created the Mirai botnet in 2016 and what drove the three creators to build, refine and repurpose the infection they created, as well as how they tried to get away with it.
Mirai (Japanese for “the future”) is a malware that turns networked devices running Linux into remotely controlled “bots” that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer devices such as IP cameras and home routers. The Mirai botnet was first found in August 2016 by a whitehat malware research group, and has been used in some of the largest and most disruptive distributed denial of service (DDoS) attacks ever recorded, including an attack on computer security journalist Brian Krebs’s web site, an attack on French web host OVH and the October 2016 Dyn cyberattack.
Here’s the Wired article link.