Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
The legitimate command-and-control framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit.
Sliver, developed by cybersecurity company Bishop Fox, is a Golang-based cross-platform post-exploitation framework that's designed to be used by security professionals in their red team operations.
"Sliver C2 implant is executed on the workstation as stage two payload, and from [the] Sliver C2 server we get a shell session," Cybereason researchers Loïc Castel and Meroujan Antonyan said.
A hypothetical attack sequence detailed by the Israeli cybersecurity company shows that Sliver could be leveraged for privilege escalation, followed by credential theft and lateral movement, to ultimately take over the domain controller and exfiltrate sensitive data.
Sliver has been weaponized in recent years by the Russia-linked APT29 group as well as cybercrime operators like Shathak and Exotic Lily, the latter of which is attributed to the Bumblebee malware loader.
That said, Sliver is far from the only open source framework to be exploited for malicious ends.