Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Glossary > Command and Control C2

What is Command and Control C2?

Command and Control C2 Definition: A communication channel through which attackers remotely direct compromised systems and extract data or execute malicious commands.

Understanding Command and Control C2

Command and Control (C2) infrastructure forms the nervous system of a cyber attack, allowing hackers to remotely manage compromised systems and extract data. Once malware infects your system, it establishes a channel back to the attacker's C2 server, creating a backdoor through which they can send commands, update their malware, or pull data out. Modern C2 channels are incredibly sophisticated—they often hide in normal traffic, use encrypted connections, leverage legitimate services like Twitter or GitHub for communication, and switch between different servers or protocols to avoid detection. Some advanced malware even has fallback mechanisms, so if one C2 channel gets blocked, it automatically switches to an alternative. Detecting C2 traffic requires looking for unusual outbound connections, unexpected encrypted traffic patterns, or communications with newly registered domains.

Learn More About Command and Control C2:

Command and control explained

Related Cybersecurity Terms

Systems Security Engineering
Lateral Movement
False Rejection Rate Type I
Public key cryptography
Back to Glossary