Hackers backdoor Windows devices in Sliver and BYOVD attacks (Security News, February 2023)

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
According to a report by the AhnLab Security Emergency Response Center (ASEC), the recently observed attacks target two 2022 vulnerabilities in Sunlogin, remote-control software from a Chinese developer.
The BYOVD stage abuses a legitimately signed .sys file: a digitally signed anti-cheat driver for Genshin Impact that Trend Micro observed being used in ransomware attacks since last year. Because the driver carries a valid signature, Windows loads it like any other driver, and the attackers then use its kernel-level access to terminate security processes.
In some cases observed by ASEC, the Sunlogin attacks were followed by the installation of a Sliver implant.
Microsoft recommends that Windows admins enable the vulnerable driver blocklist to protect against BYOVD attacks.
A Microsoft support article explains how to enable the blocklist through the Windows Memory Integrity (HVCI) feature or a Windows Defender Application Control (WDAC) policy.
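The following PowerShell is an added example, not code from the ASEC report or from Microsoft's support article. It audits the two protections the article points at (memory integrity and the vulnerable driver blocklist), can switch them on, and then checks the Code Integrity event log for drivers that were actually blocked. The registry locations are assumptions taken from Microsoft's Device Guard and driver-blocklist documentation; verify them for your Windows build before deploying.

```powershell
# Added example (not from the ASEC report or the Microsoft support article):
# audit and enable the Windows protections that stop BYOVD driver loads.
# Run in an elevated PowerShell session; changes take effect after a reboot.
# Assumptions (verify against Microsoft's documentation for your build):
#   - HVCI is toggled by the DeviceGuard\Scenarios registry value below.
#   - The blocklist's stand-alone switch is CI\Config\VulnerableDriverBlocklistEnable
#     (the value behind the Windows Security "Microsoft Vulnerable Driver Blocklist" toggle).

$VbsKey       = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$HvciKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
$BlocklistKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'

function Get-DriverProtectionStatus {
    # Win32_DeviceGuard reports what is actually running, not only what is configured.
    # SecurityServicesRunning / SecurityServicesConfigured: 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard

    $blocklist = Get-ItemProperty -Path $BlocklistKey -Name VulnerableDriverBlocklistEnable -ErrorAction SilentlyContinue
    $blocklistValue = if ($null -ne $blocklist) { $blocklist.VulnerableDriverBlocklistEnable } else { 'not set' }

    [pscustomobject]@{
        HvciRunning         = ($dg.SecurityServicesRunning -contains 2)
        HvciConfigured      = ($dg.SecurityServicesConfigured -contains 2)
        # Kernel-mode WDAC policy status: 0 = off, 1 = audit, 2 = enforced
        KernelCiEnforcement = $dg.CodeIntegrityPolicyEnforcementStatus
        BlocklistRegistry   = $blocklistValue
    }
}

function Enable-DriverProtection {
    # Turn on VBS + HVCI (which enforces the blocklist) and the blocklist switch itself.
    foreach ($key in $VbsKey, $HvciKey, $BlocklistKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    Set-ItemProperty -Path $VbsKey       -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
    Set-ItemProperty -Path $HvciKey      -Name Enabled                           -Value 1 -Type DWord
    Set-ItemProperty -Path $BlocklistKey -Name VulnerableDriverBlocklistEnable   -Value 1 -Type DWord
    Write-Warning 'Reboot required. HVCI needs hardware virtualization support and will refuse drivers that are not HVCI-compatible; test on a pilot group first.'
}

function Get-BlockedDriverEvents {
    # Once enforced, a blocklisted driver load is recorded by Code Integrity:
    # event 3077 = blocked (enforced), 3076 = would have been blocked (audit mode).
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-CodeIntegrity/Operational'
        Id        = 3076, 3077
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

# Audit first; apply with Enable-DriverProtection only after reviewing the output.
Get-DriverProtectionStatus
Get-BlockedDriverEvents
```

Two practical notes: on Windows 11 22H2 and later the blocklist is already on by default, so the audit should report it as set, and the blocklist only stops drivers Microsoft has already catalogued. A signed driver that is not yet on the list still loads, which is why a WDAC allow-list policy, or at least alerting on 3076/3077 events and on unexpected kernel driver installs, is the stronger control.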