Hackers backdoor Windows devices in Sliver and BYOVD attacks
2023-02-06 21:00

A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Bring Your Own Vulnerable Driver (BYOVD) attacks on Windows to disable security software.

According to a report by the AhnLab Security Emergency Response Center (ASEC), recently observed attacks target two 2022 vulnerabilities in Sunlogin, remote-control software from a Chinese developer.

Sys file, a digitally signed anti-cheat driver for Genshin Impact that Trend Micro observed being used for ransomware attacks since last year.

In some cases observed by ASEC, the Sunlogin attacks were followed by installing a Sliver implant.

Microsoft recommends that Windows admins enable the vulnerable driver blocklist to protect against BYOVD attacks.

A Microsoft support article provides information on enabling the blocklist using the Windows Memory Integrity feature or Windows Defender Application Control.


News URL

https://www.bleepingcomputer.com/news/security/hackers-backdoor-windows-devices-in-sliver-and-byovd-attacks/