Global Threat Infrastructure
Nation-state C2 activity · Real-time IOC geo-distribution
1,933High-conf IPs
60Countries
23Attack paths
2,164Actor IOCs
3,215Persistent IPs
16APT Groups
Actors
Russia
China
North Korea
Iran
C2 Density
Critical
High
Medium
Low
Scroll to zoom · Drag to pan
Top C2 Countriesby high-conf IPs
1🇨🇳China540
854 total
2🇺🇸United States397
881 total
3🇩🇪Germany130
238 total
4🇭🇰Hong Kong118
315 total
5🇳🇱Netherlands81
170 total
6🇫🇷France74
126 total
7🇸🇬Singapore58
156 total
8🇷🇺Russia50
52 total
9🇬🇧United Kingdom41
123 total
10🇸🇪Sweden33
49 total
11🇧🇷Brazil33
230 total
12🇨🇦Canada30
75 total
13🇵🇱Poland28
52 total
14🇮🇳India26
191 total
15🇲🇩Moldova25
25 total
Nation-State ActorsIOC · groups · routes
🇷🇺Russia1,772
7 APT groups19 attack routes
Top targets
→🇨🇳China104
→🇺🇸United States94
→🇭🇰Hong Kong58
SandwormTurlaAPT28APT29+2
🇰🇵North Korea246
3 APT groups4 attack routes
Top targets
→🇩🇪Germany14
→🇺🇸United States7
→🇫🇷France7
KimsukyAPT37Lazarus Group
🇨🇳China137
3 APT groups0 attack routes
Top targets
Salt TyphoonVolt TyphoonAPT41
🇮🇷Iran9
2 APT groups0 attack routes
Top targets
MuddyWaterAPT35
🇺🇦UA0
1 APT groups0 attack routes
Top targets
FIN7
Attack Routesorigin → C2 infra
🇷🇺RU→🇨🇳China104
🇷🇺RU→🇺🇸United States94
🇷🇺RU→🇭🇰Hong Kong58
🇷🇺RU→🇩🇪Germany27
🇷🇺RU→🇸🇬Singapore26
🇷🇺RU→🇳🇱Netherlands25
🇷🇺RU→🇫🇷France21
🇰🇵KP→🇩🇪Germany14
🇷🇺RU→🇨🇦Canada12
🇷🇺RU→🇳🇱The Netherlands10
🇰🇵KP→🇺🇸United States7
🇷🇺RU→🇯🇵Japan7
🇷🇺RU→🇸🇪Sweden7
🇰🇵KP→🇫🇷France7
🇷🇺RU→🇧🇷Brazil6
🇷🇺RU→🇬🇧United Kingdom5
🇷🇺RU→🇹🇷Türkiye4
🇷🇺RU→🇻🇳Vietnam4
🇷🇺RU→🇲🇾Malaysia3
🇰🇵KP→🇳🇱Netherlands3
Shared Infrastructuremulti-actor C2
🇺🇸101
United States
RUKP
🇩🇪41
Germany
RUKP
🇳🇱38
Netherlands
RUKP
🇫🇷28
France
RUKP