Sliver offensive security framework increasingly used by threat actors
Amongst those frameworks, Sliver appeared in 2019 as an open-source framework available on GitHub and advertised to security professionals.
Sliver supports several network protocols for communication between the implant and its C2 server: DNS, HTTP/TLS, mTLS, and TCP.
Sliver does this by using the legitimate PsExec command, which nevertheless often raises several alerts in endpoint security solutions.
Microsoft security experts indicate that they observed the Sliver framework being used actively in intrusion campaigns run by both cyberespionage nation-state threat actors such as APT29/Cozy Bear and ransomware groups, in addition to other financially oriented threat actors.
Sliver has sometimes been witnessed as a replacement for Cobalt Strike, another penetration testing framework.
That increase in detection will probably push more threat actors into using lesser-known frameworks such as Sliver.