Hackers backdoor Windows devices in Sliver and BYOVD attacks (Security News, February 2023)

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and then launches Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
According to a report by the AhnLab Security Emergency Response Center (ASEC), the recently observed attacks target two 2022 vulnerabilities in Sunlogin, remote-control software from a Chinese developer.
For the BYOVD stage, the attackers load a .sys file, a digitally signed anti-cheat driver for Genshin Impact that Trend Micro observed being abused in ransomware attacks since last year, and use the driver's kernel privileges to disable security software.
In some cases observed by ASEC, the Sunlogin attacks were followed by the installation of a Sliver implant.
Microsoft recommends that Windows admins enable the vulnerable driver blocklist to protect against BYOVD attacks. Note that the blocklist only blocks drivers already known to be abused, so it is a mitigation for this campaign rather than a general defence against an attacker who brings a driver not yet on the list.
A Microsoft support article describes how to enable the blocklist either through the Windows Memory Integrity (HVCI) feature or by applying Microsoft's recommended driver block rules as a Windows Defender Application Control (WDAC) policy.
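The following PowerShell script is an added example written for this page; it is not code from the article, ASEC, or Microsoft. It audits a host for the two protections mentioned above (memory integrity and the vulnerable driver blocklist), turns the blocklist registry switch on if it is off, optionally stages Microsoft's recommended driver block rules as an enforced WDAC policy, and then lists recent Code Integrity events so an admin can confirm drivers are actually being blocked. Assumptions: the `VulnerableDriverBlocklistEnable` value under `HKLM\SYSTEM\CurrentControlSet\Control\CI\Config` and the `Win32_DeviceGuard` WMI class are as documented by Microsoft; the block-rules XML path is a placeholder for a file you download yourself; the `SiPolicy.p7b` destination assumes the single-policy WDAC format (multiple-policy format uses `CiPolicies\Active\{PolicyId}.cip` instead); and Code Integrity event IDs 3076 (audit) and 3077 (enforced block) are used as the verification signal. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the article or from ASEC/Microsoft).
# Audit and enable the Microsoft vulnerable driver blocklist on a Windows host.
# Run as Administrator. A reboot is required for the changes to take effect.
param(
    # Placeholder path: download Microsoft's recommended driver block rules XML yourself.
    [string]$BlockRulesXml = "$env:USERPROFILE\Downloads\RecommendedDriverBlockRules.xml",
    [switch]$EnableWdacPolicy
)

# 1. Memory integrity (HVCI) status.
#    SecurityServicesRunning contains 2 when hypervisor-enforced code integrity is active.
$dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
$hvciRunning = @($dg.SecurityServicesRunning) -contains 2
"Memory integrity (HVCI) running: $hvciRunning"

# 2. Built-in vulnerable driver blocklist switch (documented registry value; assumption that
#    the value name matches your Windows build - check Settings > Core isolation as well).
$ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
$current = (Get-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable `
            -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable
"VulnerableDriverBlocklistEnable: $(if ($null -eq $current) { '<not set>' } else { $current })"
if ($current -ne 1) {
    Set-ItemProperty -Path $ciConfig -Name VulnerableDriverBlocklistEnable -Value 1 -Type DWord
    "Set VulnerableDriverBlocklistEnable=1; reboot required."
}

# 3. Optional: enforce the block rules as a WDAC policy on hosts that cannot run HVCI.
if ($EnableWdacPolicy) {
    Import-Module ConfigCI
    $workXml = Join-Path $env:TEMP 'DriverBlockRules.xml'
    Copy-Item -Path $BlockRulesXml -Destination $workXml -Force
    # Rule option 3 is "Enabled:Audit Mode"; deleting it makes the policy enforce instead of log.
    Set-RuleOption -FilePath $workXml -Option 3 -Delete
    $p7b = Join-Path $env:TEMP 'SiPolicy.p7b'
    ConvertFrom-CIPolicy -XmlFilePath $workXml -BinaryFilePath $p7b | Out-Null
    # Single-policy format location (assumption). For multiple-policy format, copy to
    # $env:SystemRoot\System32\CodeIntegrity\CiPolicies\Active\{PolicyId}.cip instead.
    Copy-Item -Path $p7b -Destination "$env:SystemRoot\System32\CodeIntegrity\SiPolicy.p7b" -Force
    "WDAC driver block policy staged; reboot to apply."
}

# 4. Verify enforcement after reboot: 3077 = image blocked by policy, 3076 = would be blocked (audit).
#    A BYOVD attempt against a listed driver should show up here as a 3077.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3076, 3077 } `
             -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, @{ Name = 'Message'; Expression = { ($_.Message -split "`n")[0] } }
```

Step 1 matters because the registry switch in step 2 is only honoured when a code-integrity policy is in effect; on a host without memory integrity, the WDAC path in step 3 is what actually enforces the list. Step 4 is the check a practitioner wants after the change: if no 3076/3077 events appear at all over time, the policy may not be applied, which is different from the blocklist simply having nothing to block.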