Hackers backdoor Windows devices in Sliver and BYOVD attacks (Security News, February 2023)
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver attacks to disable security software.
According to a report by the AhnLab Security Emergency Response Center (ASEC), the recently observed attacks target two 2022 vulnerabilities in Sunlogin, remote-control software from a Chinese developer.
The BYOVD stage relies on a digitally signed .sys file: an anti-cheat driver for Genshin Impact that Trend Micro has observed being abused in ransomware attacks since last year.
In some cases observed by ASEC, the Sunlogin attacks were followed by the installation of a Sliver implant.
Microsoft recommends that Windows admins enable the vulnerable driver blocklist to protect against BYOVD attacks.
A Microsoft support article provides information on enabling the blocklist using the Windows Memory Integrity feature or Windows Defender Application Control.
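The following PowerShell audit script is an added example for this page; it is not part of the news item or of Microsoft's documentation. It reports the state of the two mechanisms the article mentions (Memory Integrity and the vulnerable driver blocklist) so an administrator can confirm that a BYOVD-style driver load would be refused, and it can set the documented registry switch on request. The registry path and value name (`HKLM\SYSTEM\CurrentControlSet\Control\CI\Config`, `VulnerableDriverBlocklistEnable`) and the `Win32_DeviceGuard` WMI class are Microsoft-documented; the function names are this example's own.

```powershell
# Added example: audits (and optionally enables) the Microsoft vulnerable driver
# blocklist that the article recommends. Read-only unless -Enable is passed.
# Function names are this example's own; registry path and WMI class are
# documented by Microsoft.

function Get-VulnerableDriverBlocklistState {
    [CmdletBinding()]
    param()

    # Documented registry switch for the blocklist (DWORD 1 = enabled).
    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    $blocklist = (Get-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' `
                    -ErrorAction SilentlyContinue).VulnerableDriverBlocklistEnable

    # Device Guard status: SecurityServicesRunning contains 2 when Memory Integrity
    # (HVCI) is running; CodeIntegrityPolicyEnforcementStatus 2 means a kernel-mode
    # WDAC policy is enforced.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
            -ClassName 'Win32_DeviceGuard' -ErrorAction SilentlyContinue
    $hvciRunning  = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)
    $wdacEnforced = ($null -ne $dg) -and ($dg.CodeIntegrityPolicyEnforcementStatus -eq 2)

    [pscustomobject]@{
        BlocklistRegistryValue = $blocklist      # 1 = set, $null = not present
        MemoryIntegrityRunning = $hvciRunning
        WdacPolicyEnforced     = $wdacEnforced   # reported for context only; a WDAC
                                                 # policy blocks these drivers only if
                                                 # it includes the recommended block rules
        # Treat the host as protected when the switch is set or Memory Integrity is on.
        BlocklistInEffect      = ($blocklist -eq 1) -or $hvciRunning
    }
}

function Set-VulnerableDriverBlocklist {
    # Sets the documented registry switch. Requires elevation; the change takes
    # effect after a reboot, which this function deliberately does not trigger.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $ciConfig = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'
    if ($PSCmdlet.ShouldProcess($ciConfig, 'Set VulnerableDriverBlocklistEnable = 1')) {
        if (-not (Test-Path $ciConfig)) { New-Item -Path $ciConfig -Force | Out-Null }
        Set-ItemProperty -Path $ciConfig -Name 'VulnerableDriverBlocklistEnable' `
            -Value 1 -Type DWord
        Write-Output 'VulnerableDriverBlocklistEnable set to 1; reboot required to apply.'
    }
}

# Usage: report the current state, and enable the switch only where it is not in effect.
$state = Get-VulnerableDriverBlocklistState
$state | Format-List
if (-not $state.BlocklistInEffect) {
    Write-Warning 'Vulnerable driver blocklist not in effect on this host.'
    # Set-VulnerableDriverBlocklist -WhatIf   # drop -WhatIf to apply
}
```

Run it from an elevated prompt across a fleet (for example through your remote-management tooling) and collect the `BlocklistInEffect` field; hosts reporting `False` are the ones where a signed-but-vulnerable driver such as the one described in this article could still be loaded to tamper with security software.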
Related news
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack'
- Salt Typhoon hackers backdoor telcos with new GhostSpider malware
- Firefox and Windows zero-days exploited by Russian RomCom hackers
- Hackers exploit ProjectSend flaw to backdoor exposed servers
- North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
- Russian hackers hijack Pakistani hackers' servers for their own attacks
- Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor