For 8 years a hacker operated an IoT botnet just to download Anime videos

  • I'm skeptical of the "hobby project" designation. The botherder demonstrated decent operational security, except for the initial lapse of German C2 servers, and the tar file with user name "stefan". Used Tor to access things. Stefan T. Botherder wrote custom backdoor(s), and subnetted the infected machines. Stefan was careful not to exfiltrate data so fast as to raise alarms, and exhibited extensive knowledge of Linux and the NAS/DVR environments.

    This is a lot better than most of the sub-moronic WordPress compromise bottom feeders who put bitcoin miners out there, or those goofs that run the Perl IRC bot. The Perl IRC bot people you could characterize as "hobbyists", but this botnet seems way too carefully done.

    This article raises another question: how many carefully-built and maintained botnets are there, where the botherder just flies under the radar?