Sliver offensive security framework increasingly used by threat actors (Security News, August 2022)
Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on GitHub and advertised to security professionals.
Sliver supports several network protocols for communication between the implant and its C2 server: DNS, HTTP/TLS, MTLS, and TCP.
Sliver does this by using the legitimate PsExec command, which nevertheless often raises several alerts in endpoint security solutions.
Microsoft security experts indicate that they observed the Sliver framework being used actively in intrusion campaigns run by both cyberespionage nation-state threat actors such as APT29/Cozy Bear and ransomware groups, in addition to other financially oriented threat actors.
Sliver has sometimes been witnessed as a replacement for Cobalt Strike, another penetration testing framework.
That increase in detection will probably push more threat actors into using lesser-known frameworks such as Sliver.