Chinese APT Abuses Multiple Cloud Tools to Spy on Mongolia
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
Discover the latest trends on Command and Control in cyber security, your hub for infosec insights, threats, and defense strategies.
Search across headline titles and summaries.
Background for this topic.
Command and Control (C2) describes the communication channels attackers use to remotely manage compromised systems within a target network. These channels allow adversaries to send instructions to malware, enabling actions like data theft, lateral movement, or launching attacks such as Distributed Denial of Service (DDoS). C2 infrastructure often involves covert protocols or encrypted traffic to evade detection.
Effective defense requires monitoring network traffic for unusual patterns or connections to known malicious domains and blocking or isolating suspected C2 communications. Disrupting these channels can prevent attackers from controlling infected devices, limiting the scope and impact of an intrusion. Understanding C2 techniques is essential for prioritizing network segmentation, threat intelligence integration, and timely response to contain active compromises.
Weekly headline count for the current query.
The threat actor gave itself plenty of options to support command and control, tapping Microsoft Outlook, Slack, Discord, and file.io for online espionage.
India-nexus cyber threat actors are growing more active and sophisticated, using custom tools coded in Rust and cloud-based command and control.
"Prince of Persia" has rewritten the rules of persistence with advanced operational security and cryptographic communication with its command-and-control server.
State-linked hackers stayed under the radar by using a variety of commercial cloud services for command-and-control communications.
The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.
Interpol's Operation Secure arrested more than 30 suspects across Vietnam, Sri Lanka, and Nauru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
Interpol's Operation Secure arrested more than 20 suspects across Vietnam, Sri Lanka, and Naru, and seized 117 command-and-control servers allegedly used to run widespread phishing, business email compromise, and other cyber scams.
APT41, a Chinese state-sponsored threat actor also known as "Double Dragon," used Google Calendar as command-and-control infrastructure during a campaign last fall.
The threat actor is using a sophisticated network of VPNs and proxies to centrally manage command and control servers from Pyongyang.
The malware, KTLVdoor, has already been found on more than 50 command-and-control servers and enables full control of any environment it compromises.
The global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.
Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection.
With a complex attack chain and using Telegram for its command and control, CoralRaider targets victims in Asian countries — and appears to have accidentally infected itself as well.
Cloudzy is a command-and-control provider (C2P) to APT groups in Iran, North Korea, and Russia, according to Halcyon.
Using command-and-control servers from the decade-old Andromeda malware, the group is installing reconnaissance tools and a backdoor on previously infected systems to target Ukrainian victims.
Threat actors can take over victims' cloud accounts to steal data, or use them for command-and-control for phishing attacks, denial of service, or other cyberattacks.
The operators of the emerging cross-platform ransomware BianLian increased their command and control infrastructure this month, indicating an acceleration in their operational pace.
"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.
Telemetry from industrial systems security firm Dragos has spotted the malware command-and-control servers communicating with several automotive manufacturer systems.