"Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework"

Threat actors are exploiting vulnerabilities in Sunlogin, a remote desktop software developed in China, to deploy the Sliver command-and-control (C2) framework for post-exploitation activity. The AhnLab Security Emergency Response Center (ASEC) found that the flaws are being used to deliver a range of payloads. Beyond the Sliver backdoor, which is an open-source, Go-based C2 framework, the attackers also used a Bring Your Own Vulnerable Driver (BYOVD) technique, in which malware loads a legitimate but vulnerable signed driver to disable security products, and installed reverse shells, according to the researchers. The attack chains begin with the exploitation of two Remote Code Execution (RCE) vulnerabilities affecting Sunlogin versions before v11.0.0.33 (CNVD-2022-03672 and CNVD-2022-10270), followed by delivery of Sliver or other malware such as Gh0st RAT and the XMRig cryptocurrency miner. Organizations running Sunlogin should therefore confirm that installations are at v11.0.0.33 or later. This article continues to discuss the threat actors exploiting flaws in Sunlogin software to deploy the Sliver C2 framework.

THN reports "Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework"