
JULY - DECEMBER 2025

Published 12 January 2026
Botnet Command & Controller (C&C) activity increased 24% this period, with Remote Access Trojans (RATs) accounting for 42% of the top 20 malware associated with botnets. Learn which Russia-based registrar saw a +9,608% surge in botnet C&C domains—and which major cloud providers are taking action. Read the full report.

Published 14 July 2025
Botnet activity increased by 26% this reporting period, the first increase we've observed in over 18 months. Five new malware families entered the Top 20, and there were disappointing increases for a number of global networks hosting the most active botnet command & controllers (C&Cs). Read the full report.

Published 13 January 2024
Botnet C&C activity decreased marginally by -4% between July and December last year. China dominated the Top 20 charts with increased botnet C&C activity across domain registrars and networks, ranking #1 globally for hosting botnet C&C servers. Download the latest report to learn more.

Published 9 July 2024
Overall botnet activity decreased between January and June this year by -6%. Cobalt Strike also declined by -41%. Meanwhile, Android backdoors were on the rise, with new entries from Hook and Coper. Read the full report.

Published 11 January 2024
In Q4 2023, the number of botnet command and control (C&C) servers increased by 16%. China, the United States, and Russia were the countries leading the pack, with a significant spike in Bulgaria, and a disappointing surge in active botnet C&Cs across big-name networks.

Published 11 July 2023
Botnet C&C operators plateaued in Q2 (+1%). Spamhaus researchers observed 8,438 botnet C&Cs, with increases across The Americas and decreases across Europe - yet Cobalt Strike and Qakbot persist. Download the latest report to find all the updates.

Published 12 April 2023
Botnet C&C operators continued to escalate in Q1. Spamhaus researchers saw a 23% increase in newly observed botnet C&C servers - with Cobalt Strike and Qakbot ever-present. Get all the latest insights, including the rise in popularity of credential stealer RecordBreaker, in this report.

Published 10 Jan 2023
In this two-page 2022 wrap-up, find the number of botnet C&Cs Spamhaus has identified (the largest number since our records began), plus the most prolific malware families associated with botnet C&Cs, and the networks and geolocations associated with the most botnet C&C traffic.

Published 12 Jan 2023
Botnet C&C operators gathered momentum in Q4. Spamhaus researchers saw a 56% increase in newly observed botnet C&C servers, the largest increase since Q3 2021! Get all the latest insights, including the rise of threats such as Qakbot and Cobalt Strike, in this quarter's report.

Published 13 October 2022
It was a busy quarter for Q3! No rest up over the vacation period with a 38% increase in botnet C&Cs detected by the research team - so there's a lot for you to catch up on. This quarter, we saw a vast amount of botnet C&Cs out of China - download the report to find all the updates.

Published 20 April 2022
It might've been a modest increase in new botnet C&Cs this quarter, but the offering of freebie services is attracting a load of badness and the LatAm region continues to struggle with abuse. Get all the latest insights in this quarter's report.

Published 20 January 2022
Q4 update on the botnet command and controllers our researchers are observing, including geolocation and who is hosting them.

Published 13 July 2021
Researchers may have observed a 12% reduction in botnet command and controllers (C&Cs); however, more than one industry-leading provider is struggling to keep on top of botnet activity.



















