Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework (February 2023)
Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control framework for carrying out post-exploitation activities.
The findings come from AhnLab Security Emergency response Center, which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads.
"Not only did threat actors use the Sliver backdoor, but they also used the BYOVD malware to incapacitate security products and install reverse shells," the researchers said.
Attack chains commence with the exploitation of two remote code execution bugs in Sunlogin versions prior to v11.0.0.33, followed by delivery of Sliver or other malware such as Gh0st RAT and the XMRig cryptocurrency miner.
In one instance, the threat actor is said to have weaponized the Sunlogin flaws to install a PowerShell script that, in turn, employs the BYOVD (bring your own vulnerable driver) technique to incapacitate security software installed on the system and drop a reverse shell using Powercat.
"It is unconfirmed whether it was done by the same threat actor, but after a few hours, a log shows that a Sliver backdoor was installed on the same system through a Sunlogin RCE vulnerability exploitation," the researchers said.
News URL: https://thehackernews.com/2023/02/hackers-exploit-vulnerabilities-in.html