Weaponizing Real-world Applications as C2 (Command and Control)
Abhishek Sidhardhan, S Keerthana, Jinesh M. Kannimoola
Abstract
The cybersecurity domain faces growing threats from Advanced Persistent Threat (APT), a targeted attack against high-profile organizations that can remain undetected for extended periods despite improvements in detection mechanisms. Despite developing sophisticated detection methods, large-scale attacks continue to occur worldwide using traditional techniques such as C2C (Command & Control) communication with various frameworks and protocols. To combat these attacks, researchers must understand new trends in intrusion techniques. This study utilizes real-world applications, including social media and collaborative platforms, as C2 channels to communicate stealthily and undetectably with compromised hosts in the post-exploitation phase of APT attacks. Through a case study, the authors demonstrate how this method can evade state-of-the-art intrusion detection methods, clearly understanding how APT can weaponize Twitter as a C2 channel, enabling defenders to detect and respond to such attacks.