Cyber threat actors use darknet forums to find and participate in "botnet opportunities" which may be both for hacking purposes or for investments in cryptocurrency silent mining. The Dark Web has grown to be an active stage for botnet discussion and commerce, rendering botnet-based cyber-attacks more likely.
Once a cyber threat actor takes control of a computer by using a trojan or another kind of malicious program, full access to the computer is gained and the actor is free to use that access for DDoS attacks, sending spam emails for phishing attacks, for spreading malware, for generating traffic on a website, and for other kinds of attacks. In essence, hackers can use botnets just like weapons.
Darknets provide the hacker with a platform through which an army of botnets can be recruited. Some cyber-attacks consume a massive number of botnets and require a longer preparation period with more intensive efforts on the part of the hacker. For example, in order to generate a successful DDoS attack against a large corporation's DNS server, the hacker would have to recruit a huge number of botnets that would repeatedly send queries until the server crashes. The hacker may be able to reduce some of the preparation burden by purchasing some of the botnets on a Dark Web forum.
With an increasing awareness of the vulnerability of devices in the IoT era, cyber threat actors will likely find the use of botnets more and more attractive. Searching for the right opportunities on the Dark Web, they will no doubt find willing partners for botnet-based cyber-attacks and botnets for sale on demand.