
Sliver offensive security framework increasingly used by threat actors
2022-08-29 22:15

Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on GitHub and advertised to security professionals.

Sliver supports several network protocols for communication between the implant and its C2 server: DNS, HTTP/TLS, mTLS, and TCP.

Sliver does this by using the legitimate PsExec command, which nonetheless often raises several alerts in endpoint security solutions.

Microsoft security experts indicate that they observed the Sliver framework being used actively in intrusion campaigns run by both cyberespionage nation-state threat actors such as APT29/Cozy Bear and ransomware groups, in addition to other financially oriented threat actors.

Sliver has sometimes been observed as a replacement for Cobalt Strike, another penetration testing framework.

That increase in detection will probably push more threat actors into using lesser-known frameworks such as Sliver.


News URL

https://www.techrepublic.com/article/sliver-offensive-security-framework-increasingly-used-by-threat-actors/