GreyNoise Intelligence has launched a command-and-control detection capability designed to give federal agencies earlier visibility into compromised infrastructure.
GreyNoise’s new C2 detection capability comes as federal agencies heighten focus on cyberthreats targeting critical infrastructure. Sign up now for the 2026 Cyber Summit on May 21 and hear government and industry leaders discuss advanced persistent threats, zero trust, AI in cyber defense and other topics in the evolving cyber landscape.
The company said the release coincides with a joint advisory from the FBI’s Internet Crime Complaint Center, or IC3, warning that Iranian-linked actors are exploiting internet-exposed programmable logic controllers across sectors, including energy, water and wastewater. The advisory was issued in coordination with the Cybersecurity and Infrastructure Security Agency, the National Security Agency, the Department of Energy, the Environmental Protection Agency and U.S. Cyber Command.
Federal officials said attackers are targeting internet-facing operational technology systems to perform reconnaissance, exploit vulnerabilities and potentially disrupt operations.
What Is GreyNoise C2 Detection?
GreyNoise said its C2 detection capability is designed to detect communication between compromised assets and adversary-controlled infrastructure. It analyzes patterns across reconnaissance, exploitation and callback activity captured through the company’s global sensor network to surface earlier signs of compromise. The platform builds on the company’s internet-wide visibility into scanning and exploitation behavior.
Nishawn Smagh, director of intelligence at GreyNoise Intelligence, said the capability seeks to provide earlier visibility into threats targeting operational technology.
“GreyNoise’s C2 Callback capability enhances battlespace awareness by detecting outbound command-and-control activity from compromised assets, providing indications and warning while illuminating adversary infrastructure,” Smagh said. “By reducing noise and improving operational prioritization, it enables defenders to act quickly, contain threats, and support an active defense posture to protect critical infrastructure.”
What Did GreyNoise Federal Sales Director Mike Habte Say About C2 Detection?
Mike Habte, director of federal sales at GreyNoise Intelligence, said the IC3 advisory highlights adversaries targeting internet-exposed operational technology to create disruption.
“GreyNoise’s command-and-control detection capability helps federal defenders identify compromised infrastructure and adversary coordination earlier, allowing agencies to move the defensive perimeter outward and disrupt campaigns before they impact mission systems or critical infrastructure,” Habte added.
What Does GreyNoise Do?
GreyNoise is a cybersecurity company that provides threat intelligence designed to help security teams identify and prioritize internet-wide attack activity targeting network edge systems. The company operates the Global Observation Grid, a deception network of over 5,000 sensors deployed across more than 80 countries that observe and classify attack activity in real time.
