Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
2022-08-26 06:52

Nation-state threat actors are increasingly adopting and integrating the Sliver command-and-control framework in their intrusion campaigns as a replacement for Cobalt Strike.

Sliver, first made public in late 2019 by cybersecurity company BishopFox, is a Go-based open-source C2 platform that supports user-developed extensions, custom implant generation, and other commandeering options.

"A C2 framework usually includes a server that accepts connections from implants on a compromised system, and a client application that allows the C2 operators to interact with the implants and launch malicious commands," Microsoft said.

Microsoft said it recently observed cybercrime actors dropping Sliver and other post-exploitation software by embedding them within the Bumblebee loader, which emerged earlier this year as a successor to BazarLoader and shares links with the larger Conti syndicate.

Sliver is not the only framework that has caught the attention of malicious actors.

"Sliver and many other C2 frameworks are yet another example of how threat actors are continually attempting to evade automated security detections," Microsoft said.


News URL

https://thehackernews.com/2022/08/cybercrime-groups-increasingly-adopting.html