Find analysis from Spamhaus Project on the number of botnet command & control (C&C) servers and their associated elements.
JANUARY - JUNE 2025
Botnet activity increased by 26% this reporting period; the first increase we've observed for over 18 months. Five new malware families entered the Top 20, and disappointing increases for a number global networks hosting the most active botnet command & controllers (C&Cs). Read the full report.
Published 14 July 2025
Botnet activity increased by 26% this reporting period; the first increase we've observed for over 18 months. Five new malware families entered the Top 20, and disappointing increases for a number global networks hosting the most active botnet command & controllers (C&Cs). Read the full report.
Published 13 January 2024
Botnet C&C activity decreased marginally by -4% between July and December last year. China dominated the Top 20 charts with increased botnet C&C activity across domain registrars and networks, ranking #1 globally for hosting botnet C&C servers. Download the latest report to learn more.
Published 9 July 2024
Overall botnet activity decreased between January and June this year by -6%. Cobalt Strike also declined by -41%. Meanwhile, android backdoors were on the rise, with new entries from Hook and Coper. Read the full report.
Published 11 January 2024
In Q4 2023, the number of botnet command and control (C&C) servers increased by 16%. China, the United States, and Russia were the countries leading the pack, with a significant spike in Bulgaria, and a disappointing surge in active botnet C&Cs across big-name networks.
Published October 2023
Spamhaus researchers observed a decrease in Botnet C&C's operators in Q3 (-16%). With Qakbot's takedown headlining the news, it's no surprise associated Botnet C&Cs dropped by -41%, further strengthening CobaltStrike's position at the top.
Published 11 July 2023
Botnet C&C operators plateaued in Q2 (+1%). Spamhaus researchers observed 8,438 botnet C&Cs, with increases across The Americas and decreases across Europe - yet Cobalt Strike and Qakbot persist. Download the latest report to find all the updates.
Published 12 April 2023
Botnet C&C operators continued to escalate in Q1. Spamhaus researchers saw a 23% increase in newly observed botnet C&C servers - with Cobalt Strike and Quakbot ever-present. Get all the latest insights, including the rise in popularity of credential stealer RecordBreaker in this report.
Published 10 Jan 2023
In this two-page 2022 wrap-up, find the number of botnets C&Cs Spamhaus has identified (the largest number since our records began), plus the most prolific malware families associated with botnet C&Cs, and the networks and geolocations with the most botnet C&C traffic associated.
Published 12 Jan 2023
Botnet C&C operators gathered momentum in Q4. Spamhaus researchers saw a 56% increase in newly observed botnet C&C servers, the largest increase since Q3 2021! Get all the latest insights, including the rise of threats such as Qakbot and CobaltStrike, in this quarter's report.
Published 13 October 2022
It was a busy quarter for Q3! No rest up over the vacation period with a 38% increase in botnet C&Cs detected by the research team - so there's a lot for you to catch up on. This quarter, we saw a vast amount of botnet C&Cs out of China - download the report to find all the updates.
Published 19 July 2022
From the number of newly registered domains, to the domain abuse our researchers are observing, this update highlights trends, provides insights into the poor reputation of domains, and champions providers where positive improvements are seen.
Published 20 April 2022
It might've been a modest increase in new botnet C&Cs this quarter, but the offering of freebie services are attracting a load of badness and the LatAm region continues to struggle with abuse. Get all the latest insights in this quarter's report.
Published 20 January 2022
Q4 update on the botnet command and controllers our researchers are observing, including geolocation and who is hosting them.
Published 14 October 2021
Q3 has seen a massive 82% rise in the number of new botnet command and controllers (C&Cs) identified by our research team. They have observed an explosion in the use of backdoor malware with nefarious operators hiding behind FastFlux.
Published 13 July 2021
Researchers may have observed a 12%reduction in botnet command and controllers (C&Cs), however, more than one industry-leading provider is struggling to keep on top of botnet activity.
