Crooks found a new way to collaborate using Teams – by hiding command-and-control traffic
Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration
Discover the latest trends on Command and Control in cyber security, your hub for infosec insights, threats, and defense strategies.
Search across headline titles and summaries.
Background for this topic.
Command and Control (C2) describes the communication channels attackers use to remotely manage compromised systems within a target network. These channels allow adversaries to send instructions to malware, enabling actions like data theft, lateral movement, or launching attacks such as Distributed Denial of Service (DDoS). C2 infrastructure often involves covert protocols or encrypted traffic to evade detection.
Effective defense requires monitoring network traffic for unusual patterns or connections to known malicious domains and blocking or isolating suspected C2 communications. Disrupting these channels can prevent attackers from controlling infected devices, limiting the scope and impact of an intrusion. Understanding C2 techniques is essential for prioritizing network segmentation, threat intelligence integration, and timely response to contain active compromises.
Weekly headline count for the current query.
Custom malware routed communications through legitimate Microsoft services, making malicious activity look like routine corporate collaboration
ThreatLabz finds free alternative to Cobalt Strike and other tools used in the wild There's a fresh open-source command-and-control (C2) framework on the loose, dubbed Havoc, as an alternative to the popular Cobalt Strike, and other mostly legitimate tools, that have been abused to spread malware.…
Nascent platform provides miscreants an easier and cheaper way to launch remote access, DDoS, and other attacks A platform that makes it easier for cyber criminals to establish command-and-control (C2) servers has already attracted 3,000 users since launching earlier this year, and will likely expand its client list in the coming months.…
That should keep the criminals offline for, well, weeks probably Microsoft has announced a months-long effort to take control of 65 domains that the ZLoader criminal botnet gang has been using as command-and-control servers.…
Control systems scrubbed, hijacked network devices need to be patched and cleaned The US Justice Department today revealed details of a court-authorized take-down of command-and-control systems the Sandworm cyber-crime ring used to direct network devices infected by its Cyclops Blink malware.…
Kremlin-backed Sandworm found a VPNFilter replacement Cyclops Blink malware has infected ASUS routers in what Trend Micro says looks like an attempt to turn compromised devices into command-and-control servers for future attacks.…