The purpose of command and control servers is to send and receive data to victims devices.

A secondary goal is to do so while evading detection. This is why many threat actors piggy-back off of legitimate services, it disguises the malware communications and avoids directly exposing the upstream C2 instance.