Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks

Jan 23, 2023Ravie LakshmananThreat Detection / Infosec

The legitimate command-and-control (C2) framework known as Sliver is gaining traction among threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit.

The findings come from Cybereason, which detailed its inner workings in an exhaustive analysis last week.

Sliver, developed by cybersecurity company Bishop Fox, is a Golang-based, cross-platform post-exploitation framework designed for use by security professionals in red team operations.

Its myriad features for adversary simulation – including dynamic code generation, in-memory payload execution, and process injection – have also made it an appealing tool for threat actors looking to gain elevated access to a target system after establishing an initial foothold.

In other words, the software is used as a second-stage payload to carry out the next steps of the attack chain after a machine has already been compromised through an initial intrusion vector such as spear-phishing or exploitation of unpatched flaws.

“Sliver C2 implant is executed on the workstation as [a] stage-two payload, and from [the] Sliver C2 server we get a shell session,” Cybereason researchers Loïc Castel and Meroujan Antonyan said. “This session provides multiple methods to execute commands and other scripts or binaries.”

A hypothetical attack sequence detailed by the Israeli cybersecurity company shows that Sliver could be leveraged for privilege escalation, followed by credential theft and lateral movement, ultimately taking over the domain controller to exfiltrate sensitive data.

Sliver has been weaponized in recent years by the Russia-linked APT29 group (aka Cozy Bear) as well as cybercrime operators like Shathak (aka TA551) and Exotic Lily (aka Projector Libra), the latter of which is attributed to the Bumblebee malware loader.

That said, Sliver is far from the only open source framework to be abused for malicious ends. Last month, Qualys disclosed how several hacking groups, including Turla, Vice Society, and Wizard Spider, have used Empire for post-exploitation and to expand their foothold in victim environments.

“Empire is an impressive post-exploitation framework with expansive capabilities,” Qualys security researcher Akshat Pradhan said. “This has led to it becoming a frequent favorite toolkit of several adversaries.”
