GreyNoise Launches C2 Detection to Combat Edge Device Exploits

Severity: High (Score: 67.5)

Sources: Greynoise

Summary

On April 7, 2026, GreyNoise Intelligence introduced C2 Detection, a new intelligence module designed to enhance visibility into compromised edge devices, such as routers and firewalls. These devices are increasingly targeted by cyber adversaries exploiting known vulnerabilities to establish connections with attacker-controlled servers. The C2 Detection module provides insights into outbound network traffic, allowing security teams to identify active compromises and prioritize responses based on attacker progression. GreyNoise utilizes a global sensor network to analyze exploit payloads and extract callback destinations, offering a dataset of confirmed callback IPs and associated malware hashes. This capability aims to close the visibility gap at the edge of the network, where traditional Endpoint Detection and Response (EDR) tools are ineffective. The introduction of C2 Detection marks a significant advancement in detecting post-exploitation activities, enhancing the security posture of organizations reliant on edge devices. Millions of edge devices are reportedly already infected and silently communicating with malicious servers.

Key Points

  • GreyNoise's C2 Detection targets compromised edge devices like routers and firewalls.
  • The module analyzes outbound traffic to identify active compromises and attacker behavior.
  • Millions of edge devices are potentially infected, highlighting a critical security gap.

Key Entities

  • Malware (attack_type)
  • greynoise.io (domain)
  • T1071 - Application Layer Protocol (mitre_attack)