Global Threat Infrastructure
Nation-state C2 activity · Real-time IOC geo-distribution
6,208High-conf IPs
60Countries
40Attack paths
11,052Actor IOCs
10,408Persistent IPs
19APT Groups
Actors
Russia
China
North Korea
Iran
C2 Density
Critical
High
Medium
Low
Scroll to zoom · Drag to pan
Top C2 Countriesby high-conf IPs
1🇺🇸United States1,330
3,415 total
2🇨🇳China1,171
1,905 total
3🇭🇰Hong Kong606
941 total
4🇩🇪Germany457
915 total
5🇳🇱The Netherlands269
317 total
6🇳🇱Netherlands204
534 total
7🇫🇷France192
398 total
8🇸🇬Singapore189
484 total
9🇬🇧United Kingdom147
411 total
10🇷🇺Russia129
179 total
11🇯🇵Japan98
217 total
12🇨🇦Canada97
291 total
13🇮🇳India95
494 total
14🇨🇭Switzerland90
130 total
15🇸🇪Sweden81
132 total
Nation-State ActorsIOC · groups · routes
🇰🇵North Korea5,712
4 APT groups17 attack routes
Top targets
→🇨🇳China442
→🇺🇸United States438
→🇭🇰Hong Kong162
KimsukyAPT37Lazarus GroupAPT38
🇷🇺Russia5,052
8 APT groups23 attack routes
Top targets
→🇨🇳China644
→🇺🇸United States597
→🇭🇰Hong Kong303
GamaredonTurlaSandwormAPT28+2
🇨🇳China274
4 APT groups0 attack routes
Top targets
APT10Salt TyphoonVolt TyphoonAPT41
🇮🇷Iran14
2 APT groups0 attack routes
Top targets
MuddyWaterAPT35
🇺🇦UA0
1 APT groups0 attack routes
Top targets
FIN7
Attack Routesorigin → C2 infra
🇷🇺RU→🇨🇳China644
🇷🇺RU→🇺🇸United States597
🇰🇵KP→🇨🇳China442
🇰🇵KP→🇺🇸United States438
🇷🇺RU→🇭🇰Hong Kong303
🇷🇺RU→🇩🇪Germany162
🇰🇵KP→🇭🇰Hong Kong162
🇰🇵KP→🇩🇪Germany147
🇷🇺RU→🇸🇬Singapore123
🇷🇺RU→🇳🇱Netherlands119
🇰🇵KP→🇳🇱The Netherlands101
🇷🇺RU→🇫🇷France91
🇷🇺RU→🇳🇱The Netherlands82
🇰🇵KP→🇸🇬Singapore82
🇰🇵KP→🇳🇱Netherlands77
🇷🇺RU→🇨🇦Canada69
🇰🇵KP→🇫🇷France68
🇷🇺RU→🇯🇵Japan52
🇰🇵KP→🇷🇺Russia44
🇷🇺RU→🇬🇧United Kingdom43
Shared Infrastructuremulti-actor C2
🇨🇳1086
China
RUKP
🇺🇸1035
United States
RUKP
🇭🇰465
Hong Kong
RUKP
🇳🇱379
Netherlands
RUKP
🇩🇪309
Germany
RUKP
🇸🇬205
Singapore
RUKP
🇫🇷159
France
RUKP
🇨🇦110
Canada
RUKP