Use Cases of Command and Control

Threat actors and Advanced Persistent Threat (APT) groups are always thinking about clever techniques and strategies to compromise their next target. A technique that is commonly used by threat actors is implementing C2 operations to centrally manage compromised hosts over the internet. A threat actor will set up one or more C2 servers on the internet that serve the purpose of centrally managing infected and compromised systems, uploading data from the compromised hosts, and downloading additional malware onto newly infected devices. Note These C2 servers also serve as update servers for malware such as ransomware. When ransomware infects a new device, most malware is designed to establish a connection to designated C2 servers on the internet to download updates, which ensures cybersecurity professionals are not able to eradicate/remove the malware infection from the host. ...

November 24, 2025 · 3 min · 479 words · 0x-s0M3n4th