C2 servers, short for Command and Control servers, are systems used by attackers to remotely control infected devices within a network. Once malware compromises a device, it connects back to the C2 server to receive instructions, such as stealing data, spreading to other systems, or executing malicious commands. These servers are a core part of many cyberattacks, including botnets, ransomware, and advanced persistent threats (APTs). Blocking or disrupting C2 communication is key to stopping an attack and limiting damage.