February 12, 2014, 3:01 PM — In part four of a series on understanding the processes and tools behind an APT-based incident, CSO examines the Command & Control phase, often referred to as C2. During this phase, the attacker(s) are on the network and, depending on their objectives, will start focusing on their endgame.
"The first 'phone home' activity will usually take place directly following infection; activity at this point will include establishing the channel and downloading further tools for local reconnaissance, credential theft and escalation of privileges," Rik Ferguson, the VP Security Research at Trend Micro, told CSO.
This article is part of a series about APT campaigns. The topics covered in this series are:
Weaponization and Delivery
Exploitation and Installation
Command and Control, and