Inside Eastern Europe’s C2 Sprawl: 3,900+ Servers, 302 Providers, One Host
Source URL: hunt.io/blog/east…
Hunt.io’s three-month analysis of malicious infrastructure across Belarus, Bulgaria, the Czech Republic, Hungary, Poland, Moldova, Romania, Russia, Slovakia and Ukraine found more than 3,900 active command-and-control servers distributed across 302 hosting providers. The key finding is concentration: one Bulgarian provider accounted for more than half of the detected C2 infrastructure, a pattern that would be difficult to see by tracking only individual IPs or domains. The report reinforces the value of analyzing abuse at the hosting and ASN layer, where defenders, service providers and investigators can better identify systemic infrastructure risk, prioritize takedown activity and improve threat-intelligence enrichment. German rail services resume after wireless communications outage