Sliver offensive security framework increasingly used by threat actors (August 2022)
Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on GitHub and advertised to security professionals.
Sliver supports several network protocols for communication between the implant and its C2 server: DNS, HTTP/TLS, MTLS, and TCP might be used.
Sliver does this by using the legitimate PsExec command, which nonetheless often raises several alerts in endpoint security solutions.
Microsoft security experts indicate that they observed the Sliver framework being used actively in intrusion campaigns run by both cyberespionage nation-state threat actors such as APT29/Cozy Bear and ransomware groups, in addition to other financially oriented threat actors.
Sliver has sometimes been witnessed as a replacement for Cobalt Strike, another penetration testing framework.
That increase in detection will probably push more threat actors into using lesser-known frameworks such as Sliver.