An interesting story, with few surprises for security aware people. Kapersky has the lead on this revelation -
Link to securityaffairs.co cyber-crime report on the xDedic marketplace
"The researchers confirmed that the xDedic marketplace is run by a Russian-speaking group, it currently offers 70,624 hacked Remote Desktop Protocol (RDP) servers from 173 countries."
Compromised web server sites are rented out for as low as $6, and span Government, University, and financial institutions.
If Kapersky undertakes to track them all down and try to get the owners to clean them up, they have a major challenge to face. Complacency.