A Command and Control (C&C or C2) server is a computer controlled by an attacker or cybercriminal, used to send commands to systems compromised by malware and to receive stolen data from a target network. These servers act as the central hub for orchestrating malicious activities such as data theft, malware deployment, and network disruption.
C&C servers are essential in cyberattacks, especially within botnets—networks of infected devices—where they manage and coordinate the actions of compromised machines. Attackers use C&C servers to issue directives like stealing sensitive information, spreading additional malware, or launching distributed denial-of-service (DDoS) attacks.
To avoid detection, attackers often use legitimate cloud services or employ techniques like domain fluxing and encryption to blend C&C communications with normal network traffic. The architecture of C&C infrastructure can vary, with centralized, peer-to-peer (P2P), and random models being the most common.