Command and Control (C2)

A Command and Control (C2) system is a communication framework that allows cybercriminals to remotely manage compromised devices or networks.

Also known as C&C or C2, this infrastructure serves as the central hub through which attackers issue commands, receive data, and maintain persistent access to infected systems.

In a typical attack scenario, malware installed on victim machines establishes communication channels back to C2 servers controlled by the attackers. These servers can then send instructions to download additional malicious payloads, exfiltrate sensitive data, participate in distributed denial-of-service attacks, or perform other harmful activities. The compromised devices effectively become part of a botnet under the attacker's control.

C2 infrastructure can take many forms, from simple web servers to sophisticated, distributed networks that use encrypted communications and domain generation algorithms to evade detection. Advanced threat actors often employ multiple layers of C2 servers, proxy networks, and legitimate cloud services to mask their operations and maintain resilience against takedown efforts.

Detecting and disrupting C2 communications is a critical component of cybersecurity defense strategies, as cutting these communication channels can effectively neutralize an attack even when malware remains present on infected systems.