Command and Control (C2/C&C)
Infrastructure used by threat actors to remotely communicate with and control compromised systems.
Full Definition
Command and Control (C2 or C&C) refers to the infrastructure — servers, domains, communication channels — that attackers use to remotely issue instructions to compromised systems and receive stolen data. It is the nervous system of most modern malware operations.

C2 communications must evade detection while maintaining reliable connectivity. Techniques include using legitimate cloud services (Telegram, Discord, GitHub), domain generation algorithms (DGA), encrypted traffic over standard ports, and peer-to-peer architectures to eliminate single points of failure.

For infostealer malware, C2 infrastructure is used to receive harvested logs containing credentials, cookies, and financial data from infected endpoints. Law enforcement takedowns of C2 infrastructure — such as those targeting Lumma Stealer in 2025 — can significantly disrupt malware operations. Identifying and blocking C2 indicators is a primary function of threat intelligence platforms.
Related Terms
Botnet
A network of compromised computers controlled remotely by a threat actor.
Malware & Infrastructure
Malware
Any software intentionally designed to cause harm, disrupt, or gain unauthorized access to systems.
Malware & Infrastructure
Infostealer
Malware designed to silently harvest credentials, cookies, and sensitive data from infected devices.
Malware & Infrastructure
Indicators of Compromise (IoC)
Forensic artifacts that indicate a system may have been breached or is actively under attack.
Threat Intelligence