Published in cybersecurity, all | 3 minutes reading time

What are command-and-control (C2) callbacks?

Stay up to date!

* By subscribing to the latest news from our blog, you consent to us storing your email address, and sending you monthly emails. You can, at any time, retract this consent.

The number of malicious hacker attacks has increased dramatically over the last three years. One of the most damaging types of attacks, often executed over DNS, is accomplished through command and control, also called C2 or C&C callbacks.

Let's have a look at how hackers use this technique to infect their victims.


What is a C2 server?

A command-and-control server is a computer that is controlled by a cybercriminal. Command-and-control servers are used by attackers to maintain communications and send commands to systems inside a target network compromised by malware. These systems can include computers, smartphones, and even IoT devices connected to the network.


How are C2 servers used?

C2 servers act as command centres from where malware receives its commands. They are also used to collect and store stolen data. Establishing C2 communications is a vital step for attackers to access network resources. 

The attacker starts by infecting a computer, which may sit behind a firewall. This can be achieved in several ways:

  • Via a phishing email that tricks an unsuspected employee into clicking a link to a malicious website or opening an attachment that executes malicious code.
  • Through security holes in browser plugins.
  • By downloading malicious apps.
  • With malicious code brought in on external devices, e.g. USB sticks.
  • Via other infected software.

Once a machine is compromised, the hacker will ping the infected computer or device for a callback to test the new connection. The infected computer will then carry out the commands from the attacker's C2 server and may install additional software.

The attacker now has complete control of the victim's computer and can execute any code. The malicious code will typically spread to more computers, creating a botnet – a network of infected machines. In this way, an attacker who is not authorised to access a company's network can obtain full control of that network.


What can hackers accomplish through command and control?

C2 attacks pose real dangers to shipping companies, with potentially severe operational, financial and reputational risks. Typically, attackers want to achieve the following:

  1. Data exfiltration. Sensitive data, such as credentials, operational documents, financial data, employee records and other sensitive information, can be copied or transferred to an attacker's server.
  2. Shutdown. An attacker can shut down one or several machines, or even bring down a company's network, ultimately bringing normal operations to a halt.
  3. Distributed denial of service. DDoS attacks disrupt or shut down web servers as well as entire networks. DDoS attacks overwhelm servers or networks by flooding them with internet traffic. Once a botnet is established, an attacker can instruct each bot to send a request to the targeted IP address, creating a jam of requests for the targeted server. Legitimate traffic to the attacked IP address is denied.

Editor's note: This article was originally published in October 2019 and has been revised and updated for accuracy and comprehensiveness.

Try dualog protect


What are command-and-control (C2) callbacks?
Written by Rune Larsen, Product Marketing Manager

Rune Larsen is Product Marketing Manager in Dualog. Educated in business strategy and marketing from the Arctic University of Norway, he has more than 25 years of experience in the creative industry, where he worked as a writer, consultant, graphic designer, and creative director in various advertising agencies and design studios. He's been orchestrating brand identity projects, design work and brand building campaigns for a wide range of organisations. He brings a passion for great design to the team, never compromising on the importance of the 'experience' part of UX. When not at the office, he enjoys hiking with his wife or is busy being a football coach for his youngest daughter. His fitness regime involves either running or cross-country skiing. Rune is an avid reader of business-related books, and he loves the occasional bottle of Barolo.

Related blog posts