More than 17,000 unique command-and-control servers
around the world have been discovered in 2022, a 30% increase from last year, reports The Record
, a news site by cybersecurity firm Recorded Future.
China had the most number of identified C2 servers at over 4,000, followed by the U.S. and Hong Kong, with the three leading countries accounting for 55% of all discovered C2 servers, a Recorded Future report showed. China also led in terms of C2 server hosting volume, surpassing the U.S. for the first time.
Most of the servers have been attributed to Cobalt Strike, IcedID, PlugX, and QakBot, which has been expanding its C2 infrastructure alongside Emotet. The findings also showed the persistent usage of Cobalt Strike among threat actors.
"Cobalt Strike is so prevalent because it is easy to use, has a wide range of capabilities, is pretty flexible, people (both threat actors and red teamers) have just gotten used to it, and is still somehow difficult to detect and remove," said Recorded Future researcher Julian-Ferdinand Vgele.