Cybercriminals Take Advantage of Weaknesses in Sunlogin to Install Sliver Command and Control System

Cybercriminals are taking advantage of known weaknesses in Sunlogin software to deploy the Sliver command-and-control framework for post-exploitation activities. This was discovered by AhnLab Security Emergency response Center, which found that security flaws in Sunlogin, a Chinese-developed remote desktop program, are being abused to deploy a variety of payloads. Not only did attackers use the Sliver backdoor, but they also used the BYOVD malware to disable security products and install reverse shells. The attack chain begins with the exploitation of two remote code execution bugs in Sunlogin versions prior to v11.0.0.33, followed by the delivery of Sliver or other malware such as Gh0st RAT and XMRig crypto coin miner. In one case, the attacker is said to have weaponized the Sunlogin flaws to install a PowerShell script that, in turn, uses the BYOVD technique to disable security software installed on the system and drop a reverse shell using Powercat. The BYOVD method abuses a legitimate but vulnerable Windows driver, mhyprot2. Sys, which is signed with a valid certificate to gain elevated permissions and terminate antivirus processes. It is unclear if this was done by the same attacker, but after a few hours, a log shows that a Sliver backdoor was installed on the same system through a Sunlogin RCE vulnerability exploitation, the researchers said. This comes as attackers are turning to Sliver, a legitimate Go-based penetration testing tool, as an alternative to Cobalt Strike and Metasploit. Sliver provides the necessary step-by-step features such as account information theft, internal network movement, and taking over the internal network of companies, just like Cobalt Strike, the researchers concluded.

This Cyber News was published on thehackernews.com. Publication date: Tue, 07 Feb 2023 17:38:02 +0000


Cyber News related to Cybercriminals Take Advantage of Weaknesses in Sunlogin to Install Sliver Command and Control System

Cybercriminals Take Advantage of Weaknesses in Sunlogin to Install Sliver Command and Control System - Cybercriminals are taking advantage of known weaknesses in Sunlogin software to deploy the Sliver command-and-control framework for post-exploitation activities. This was discovered by AhnLab Security Emergency response Center, which found that ...
1 year ago Thehackernews.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
1 year ago Heimdalsecurity.com
PyPi package backdoors Macs using the Sliver pen-testing suite - A new package mimicked the popular 'requests' library on the Python Package Index to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. Discovered by Phylum, the campaign involves ...
4 months ago Bleepingcomputer.com
Illegal Access to Windows Computers Through Silver and Bring Your Own Device Vulnerabilities - A recent hacking campaign has been exploiting vulnerabilities in Sunlogin, a remote-control software, to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software. ...
1 year ago Bleepingcomputer.com
Exploiting a Windows Device Through an Alternative to Cobalt Strike Called Sliver - Security analysts at AhnLab Security Emergency Response Center have detected a new hacking campaign that takes advantage of Windows BYOVD attacks to disable security software and deploy the post-exploitation toolkit Sliver. Sliver is an alternative ...
1 year ago Cybersecuritynews.com
Threat Actors Turn To SLIVER As Open Source Malware Toolkit - A new open source malware toolkit, called SLIVER, is being used by threat actors to create and spread malicious programs. SLIVER is a modularized, open-source malware framework that allows users to easily build and deploy malicious Visual Basic ...
1 year ago Thehackernews.com
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
9 months ago Thedfirreport.com
The Evolving Cybersecurity Landscape in 2024: Predictions and Preparations - As we prepare to ring in the new year, the ever-evolving cybersecurity landscape promises to bring new cyber threat actors, vulnerabilities, and weaknesses to counter. As technology evolves, so do cyber threat actors' tactics, techniques, and ...
9 months ago Securityboulevard.com
Cybercriminals pose as "helpful" Stack Overflow users to push malware - Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware-answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware. Sonatype researcher Ax Sharma discovered ...
4 months ago Bleepingcomputer.com
The old, not the new: Basic security issues still biggest threat to enterprises - Attacks on critical infrastructure reveal industry faux pas. Ransomware attacks on enterprises saw a nearly 12% drop last year, as larger organizations opt against paying and decrypting, in favor of rebuilding their infrastructure. X-Force analysis ...
7 months ago Helpnetsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
Is Your Online Store Hacked in a Carding Attack? - Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using carding attacks as we gear up for the holiday season shopping. Online companies selling products or services are struggling with the growing ...
10 months ago Cybersecuritynews.com
Cybersecurity Tips to Stay Safe this Holiday Season - Cybercriminals take advantage of this hectic time to target holiday shoppers and travelers. Their goal is to catch you off guard when or where you least expect it. If you're like me you might be doing some last-minute shopping and looking for the ...
9 months ago Cybersecurity-insiders.com
Optimize Control Health Management Across Business Levels: Introducing Scopes - Managing controls across multiple business units becomes increasingly challenging and costly as operational requirements evolve. To help compliance leaders efficiently view and manage control health across product lines, geographies and business ...
8 months ago Securityboulevard.com
Abnormal Security Shares Examples of Attacks Using Generative AI - Abnormal Security has published examples of cyberattacks that illustrate how cybercriminals are beginning to leverage generative artificial intelligence to launch cyberattacks. In one example, a cybercriminal posed as a customer service ...
9 months ago Securityboulevard.com
Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing - As we reflect on 2022, we've seen that malicious actors are constantly coming up with new ways to weaponize technologies at scale to cause more disruption and devastation. The dangers are showing up everywhere - and more frequently. The volume and ...
1 year ago Securityweek.com
6 Benefits of Vulnerability Management - Vulnerability management is an ongoing process that helps identify, evaluate, remediate, and mitigate computer and software system vulnerabilities. It's a vital tactic in managing IT environment cybersecurity risks. Since vulnerabilities are ...
6 months ago Hackersonlineclub.com
Behind EB Control's Revolutionary Patented Key Management System - If you're knee-deep in the world of data security, you'd agree that the key to unlocking superior protection lies, quite literally, in the keys- the encryption keys, to be precise. When it comes to managing these critical elements to safeguard your ...
10 months ago Securityboulevard.com
Cybercriminals Hesitant About Using Generative AI - Cybercriminals are so far reluctant to use generative AI to launch attacks, according to new research by Sophos. Examining four prominent dark-web forums for discussions related to large language models, the firm found that threat actors showed ...
10 months ago Infosecurity-magazine.com
Windows 10 KB5034441 security update fails with 0x80070643 errors - Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. Windows 10 creates a recovery partition, usually around ...
9 months ago Bleepingcomputer.com
Hackers' Use of Remote Administration Tools to Control Systems - Remote administration tools are software that allows managing and controlling terminals from a remote location. The tools can be used for work-from-home purposes as well as remote control, management, and maintenance of unmanned devices. AnyDesk is a ...
9 months ago Gbhackers.com
Accelerating Your Journey to the 128-bit Universe - The 2023 National Cybersecurity Strategy requires acceleration of your agency's mission to go boldly into the 128-bit address space universe with greater speed and urgency. IPv6-only is the addressing standard for the U.S. Federal Government, ...
10 months ago Feedpress.me
The European Space Agency Explores Cybersecurity for Space Industry - Cybersecurity for space missions is not optional and should be taken seriously. While Europe's burgeoning commercial space industry is facing some challenges, the European Space Agency is taking specific steps to boost defenses, such as planning to ...
10 months ago Darkreading.com
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
9 months ago Infosecurity-magazine.com
The Role of AI in Personalized Learning - Artificial Intelligence is playing an increasingly significant role in the field of education, particularly in personalized learning. In this article, we will explore the role of AI in personalized learning, with a focus on AI-driven adaptive ...
9 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)