It remains unclear why the Quad7 operators persist in maintaining the infrastructure established in 2022 by re-compromising routers upon their restart, rather than expanding their botnet by targeting new IP addresses. One possible reason could be to evade detection by honeypots, as new IP addresses after "The curious case of the 7777 botnet" may be honeypots to catch them. Another, and more plausible, explanation is that they haven’t updated their target list for months or even years. This hypothesis would also explain the decrease in compromised assets over time.