securityonline.info 7/1/2026, 7:32:06 AM · external

Hunt.io maps 3,900 C2 servers, exposing Europe cybercrime hub

Hunt.io maps 3,900 C2 servers, exposing Europe cybercrime hub
CyberSIXT Evidence Panel
Primary Source hunt.io
Threat Actor

A recent report from Hunt.io has mapped over 3,900 Command and Control (C2) servers primarily located in Eastern Europe, revealing a complex infrastructure used for various cybercrimes such as malware distribution and phishing. The analysis, conducted over three months, highlights significant contributions from Bulgaria, which hosts about 53.5% of these servers, particularly from Friendhosting LTD.

Multiple threat groups are associated with this infrastructure, including the APT Cloud Atlas and criminal organizations like ShinyHunters and Black Basta. The report emphasizes the importance of tracking hosting relationships rather than just individual IP addresses, as these stable hosting layers can persist despite changes in tactics and server usage.

View Primary Source Via securityonline.info

Article by CyberSIXT