C&C (also known as C2) is a method that cybercriminals use to communicate with compromised devices within a target company’s network.
In a C&C attack, an attacker uses a server to send commands to — and receive data from — computers compromised by malware. This server is also known as a C2 or C&C server. The attacker can use the server to perform various malicious actions on the target network, such as data discovery, malware spreading, or denial of service attacks. The server can also serve as the headquarters for a botnet, which is a network of infected devices. C&C communication is a critical step in the process of carrying out an attack on a network or offering malicious services to other actors.