Recorded Future, a threat intelligence firm, announced that Cobalt Strike and Metasploit were responsible for hosting more than 25% of all command and control servers (C&C) implemented in 2020. These are the popular penetration testing toolkits traditionally used by security researchers.
Recorded Future has said that they monitored and studied over 10000 malware C&C servers across over eighty malware strains in 2020. Both financially-motivated and state-sponsored hacking gangs launched malware attacks. The malware would reach back to the C&C server for further instructions or uploading stolen data after successfully penetrating the target devices.