Hackers backdoor Windows devices in Sliver and BYOVD attacks

silversurfer (thread author)
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.

Sliver is a post-exploitation toolkit created by Bishop Fox that threat actors began using as a Cobalt Strike alternative last summer, employing it for network surveillance, command execution, reflective DLL loading, session spawning, process manipulation, and more.

According to a report by the AhnLab Security Emergency Response Center (ASEC), recently observed attacks target two 2022 vulnerabilities in Sunlogin, remote-control software from a Chinese developer. After exploiting these vulnerabilities to compromise a device, the attackers use a PowerShell script to open reverse shells or to install other payloads, such as Sliver, Gh0st RAT, or the XMRig Monero coin miner.
"Through a simple bypassing process, the malware can access the kernel area through mhyprot2.sys," explains ASEC in the report.

"The developer of Mhyprot2DrvControl provided multiple features that can be utilized with the privileges escalated through mhyprot2.sys. Among these, the threat actor used the feature which allows the force termination of processes to develop a malware that shuts down multiple anti-malware products."
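The BYOVD step described in the ASEC quote above has a simple detection shape: a legitimately signed driver (mhyprot2.sys is the anti-cheat driver shipped with the game Genshin Impact) is loaded from an unusual path, and within moments several security-product processes terminate. The following Python is an added example, not code from the article, ASEC, or the thread author; it correlates constructed, simplified Sysmon-style events (Event ID 6 DriverLoad, Event ID 5 ProcessTerminate) and flags that sequence. The security-process names other than MsMpEng.exe, the file paths, the timestamps and the five-minute window are assumptions made up for the example.

```python
"""Correlate a known-abused driver load with a burst of security-process
terminations (the BYOVD "AV kill" pattern). Added example; constructed input."""
import json
import ntpath
from datetime import datetime, timedelta

# Driver names to watch. Only mhyprot2.sys is taken from the ASEC report on
# this page; in practice, seed this from a vulnerable-driver blocklist.
ABUSED_DRIVERS = {"mhyprot2.sys"}

# Assumption: image names of security products to watch. MsMpEng.exe is the
# Microsoft Defender engine; the other two are placeholders for this example.
SECURITY_PROCESSES = {"msmpeng.exe", "examplesec.exe", "exampleedr.exe"}

WINDOW = timedelta(minutes=5)  # assumed correlation window
MIN_KILLS = 2                  # one crash is noise; several in a row is not

# Constructed sample telemetry in a simplified Sysmon-like JSON-lines shape.
# These are not real logs; field names follow Sysmon (ImageLoaded, Signed, Image).
SAMPLE_LOG = """\
{"ts": "2023-02-06T09:58:10", "EventID": 6, "ImageLoaded": "C:\\\\Windows\\\\System32\\\\drivers\\\\tcpip.sys", "Signed": "true"}
{"ts": "2023-02-06T10:00:00", "EventID": 6, "ImageLoaded": "C:\\\\Users\\\\Public\\\\mhyprot2.sys", "Signed": "true"}
{"ts": "2023-02-06T10:00:03", "EventID": 5, "Image": "C:\\\\ProgramData\\\\Microsoft\\\\Windows Defender\\\\Platform\\\\MsMpEng.exe"}
{"ts": "2023-02-06T10:00:04", "EventID": 5, "Image": "C:\\\\Program Files\\\\ExampleSec\\\\examplesec.exe"}
{"ts": "2023-02-06T10:00:05", "EventID": 5, "Image": "C:\\\\Program Files\\\\ExampleEDR\\\\exampleedr.exe"}
{"ts": "2023-02-06T10:31:00", "EventID": 5, "Image": "C:\\\\Windows\\\\System32\\\\notepad.exe"}
"""


def parse_events(log_text):
    """Parse JSON lines into dicts with a datetime 'ts', sorted by time."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def basename(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return ntpath.basename(path).lower()


def find_byovd_av_kill(events, window=WINDOW, min_kills=MIN_KILLS):
    """Return one alert per abused-driver load that is followed, within
    `window`, by at least `min_kills` security-process terminations."""
    alerts = []
    for i, ev in enumerate(events):
        if ev["EventID"] != 6 or basename(ev["ImageLoaded"]) not in ABUSED_DRIVERS:
            continue
        deadline = ev["ts"] + window
        killed = []
        for later in events[i + 1:]:
            if later["ts"] > deadline:
                break  # events are sorted, nothing later can be in the window
            if later["EventID"] == 5 and basename(later["Image"]) in SECURITY_PROCESSES:
                killed.append(basename(later["Image"]))
        if len(killed) >= min_kills:
            alerts.append({
                "driver": ev["ImageLoaded"],
                "loaded_at": ev["ts"].isoformat(),
                # A valid signature is expected here: that is the whole point of
                # BYOVD, so "Signed": "true" must not be treated as reassuring.
                "signed": ev.get("Signed") == "true",
                "killed": killed,
            })
    return alerts


if __name__ == "__main__":
    for alert in find_byovd_av_kill(parse_events(SAMPLE_LOG)):
        print(json.dumps(alert, indent=2))
```

Detection of this kind is a backstop, not a fix: the driver is signed, so the durable control is to keep it from loading at all, which is what a vulnerable-driver blocklist enforced under HVCI (Microsoft ships one) does.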
 