Hackers backdoor Windows devices in Sliver and BYOVD attacks

silversurfer

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,777
Content source
https://www.bleepingcomputer.com/news/security/hackers-backdoor-windows-devices-in-sliver-and-byovd-attacks/
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.

Sliver is a post-exploitation toolkit created by Bishop Fox that threat actors began using as a Cobalt Strike alternative last summer, employing it for network surveillance, command execution, reflective DLL loading, session spawning, process manipulation, and more.

According to a report by the AhnLab Security Emergency Response Center (ASEC), recently observed attacks target two 2022 vulnerabilities in Sunlogin, a remote-control software by a Chinese developer. After exploiting these vulnerabilities to compromise a device, the attackers use PowerShell script to open reverse shells, or install other payloads, such as Sliver, Gh0st RAT, or the XMRig Monero coin miner.
Click to expand...
"Through a simple bypassing process, the malware can access the kernel area through mhyprot2.sys," explains ASEC in the report.

"The developer of Mhyprot2DrvControl provided multiple features that can be utilized with the privileges escalated through mhyprot2.sys. Among these, the threat actor used the feature which allows the force termination of processes to develop a malware that shuts down multiple anti-malware products."
Click to expand...
www.bleepingcomputer.com

Hackers backdoor Windows devices in Sliver and BYOVD attacks

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, vtqhtr413, Pixel_ and 4 others
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Malware News Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Replies
0
Views
461
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Gandalf_The_Grey
    • Like
Security News Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Replies
0
Views
790
Security News
Gandalf_The_Grey
Gandalf_The_Grey
Brownie2019
    • Like
    • Thanks
Security News MITRE Hackers’ Backdoor Has Targeted Windows for Years
Replies
0
Views
607
Security News
Brownie2019
Brownie2019

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top