C2 Infrastructure
Command-and-control (C2) infrastructure is the server, domain, or cloud resource that malware uses to receive instructions and exfiltrate data. Blocking C2 IPs and domains at the firewall and DNS layer disrupts active infections before lateral movement begins.
Frequently Asked Questions
What is C2 Infrastructure?
Command-and-control (C2) infrastructure is the server, domain, or cloud resource that malware uses to receive instructions and exfiltrate data. Blocking C2 IPs and domains at the firewall and DNS layer disrupts active infections before lateral movement begins.
How is C2 Infrastructure related to C2 (Command and Control)?
C2 Infrastructure and C2 (Command and Control) are both key concepts in threat intelligence. A Command and Control server is infrastructure that attackers use to remotely control compromised hosts (a botnet): to deliver instructions, exfiltrate data, or push malware updates. Blocking C2 communications is one of the most effective ways to disrupt an active attack.