Command-and-control infrastructure is the set of servers, domains, and services attackers use to manage compromised systems after initial access. Through C&C, an operator can send instructions, update malware, exfiltrate data, or coordinate multiple infected hosts from a distance. The infrastructure may include traditional web servers, cloud services, messaging platforms, or rotating DNS setups such as fast flux.
It matters in cyber security because C&C is the control plane of many intrusions: if defenders can detect, block, or sinkhole it, they can interrupt an attack even when the malware remains on endpoints. Analysts look for repeated beaconing, unusual DNS lookups, and connections to changing IP addresses or domains. In defenses, DNS telemetry, threat-intelligence correlation, and network filtering help reveal or disrupt C&C activity. In real attacks, resilient infrastructure makes takedowns harder and keeps criminal operations reachable long enough to coordinate extortion, persistence, or lateral movement.