I used to be on an IRC server that ran a honeypot to then find actual compromised servers and check them out - IIRC there were Ecuadorean government servers, and a load of routers in India, etc.

Most of it was just malware analysis and people creating pubstro servers for fun with different communities.

Not everything is Reds under the bed.