C&C systems are useful collaboration tools for penetration testers and red teamers. They provide a common place for all victim machines to reach out to, be controlled from, and allow multiple users to interact with the same victims. When performing authorized testing, this is very important as logs are kept in a single place to aid reporting. However, more and more of these tools are being utilized by criminals, including open-source and commercial tools. Their ease of use and stability allows them to run for long periods without issues, which is one of the reasons that even criminals are moving to these C&C platforms instead of building their own.
With most of the attention being paid on established commercial tools such as Cobalt Strike, criminals have been looking for other alternatives that provide many of the same functions. For defenders, this means that as criminals turn to open-source C&C software (which gives them many different options available, and in some cases using multiple platforms on one host), the threat landscape is evolving, incorporating a larger number of tools that will make attacks more difficult for both individuals and organizations to defend themselves against.
Source: Trend Micro