Well I am assuming they are script kiddies, could be anyone really. I just can’t imagine a serious security professional doing what some people appearing to be doing to my poor little Raspberry PI.
I took a cursory glance at the Apache logs for my Raspberry PI which is happily responding to web requests. The vast majority of the requests were just attempts to identify known vulnerabilities in different frameworks/languages etc. The old version would have been war dialling I suppose.