C2 Server (Command and Control)

Definition

A C2 server is used by attackers to remotely control infected systems (bots, implants). The C2 infrastructure is the nerve center of a cyberattack.

Via the C2 server, attackers send commands to compromised systems: download additional malware, execute tasks, send back stolen data. Modern C2 infrastructure uses encryption and domain fluxing to evade detection.

Related terms

Botnet APT (Advanced Persistent Threat) Threat Hunting MDR (Managed Detection & Response)
← Back to glossary