Hackers Exploit Vulnerabilities in Sunlogin to Deploy Sliver C2 Framework


Threat actors are leveraging known flaws in Sunlogin software to deploy the Sliver command-and-control (C2) framework for carrying out post-exploitation activities.

The findings come from AhnLab Security Emergency response Center (ASEC), which found that security vulnerabilities in Sunlogin, a remote desktop program developed in China, are being abused to deploy a wide range of payloads.

“Not only did threat actors use the Sliver backdoor, but they also used the BYOVD (Bring Your Own Vulnerable Driver) malware to incapacitate security products and install reverse shells,” the researchers said.

Attack chains commence with the exploitation of two remote code execution bugs in Sunlogin versions prior to v11.0.0.33 (CNVD-2022-03672 and CNVD-2022-10270), followed by the delivery of Sliver or other malware such as Gh0st RAT and the XMRig cryptocurrency miner.
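Since the affected range is defined purely by version, the first defensive check is an inventory sweep for Sunlogin builds older than v11.0.0.33. The script below is an added example, not code from ASEC or from this article; the hostnames and installed versions in its sample inventory are constructed, and only the fixed-version threshold comes from the text.

```python
# Added example (not from ASEC's report): flag Sunlogin installs older than
# the first fixed release the article names, v11.0.0.33.
from typing import Iterable, List, Tuple

FIXED_VERSION = "11.0.0.33"  # from the article; versions before this are affected


def parse_version(ver: str) -> Tuple[int, ...]:
    """Turn '11.0.0.33' (optionally with a leading 'v') into a comparable tuple.

    Shorter strings are zero-padded so '11.1' compares as (11, 1, 0, 0).
    """
    ver = ver.strip().lstrip("vV")
    parts = [int(p) for p in ver.split(".") if p != ""]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed build predates the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def hosts_needing_patch(inventory: Iterable[Tuple[str, str]]) -> List[str]:
    """inventory: (hostname, installed_version) pairs; returns vulnerable hosts."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE_INVENTORY = [
    ("ws-finance-01", "v11.0.0.33"),  # exactly the fixed build: not flagged
    ("ws-finance-02", "10.3.0.1"),    # older major: flagged
    ("srv-build-01", "11.0.0.32"),    # one build short of the fix: flagged
    ("srv-build-02", "11.1"),         # newer, shorter version string: not flagged
]

if __name__ == "__main__":
    for host in hosts_needing_patch(SAMPLE_INVENTORY):
        print(f"{host}: Sunlogin older than {FIXED_VERSION}, patch required")
```

Comparing version components as integers rather than as strings matters here: a plain string comparison would rank "11.0.0.4" above "11.0.0.33" and miss the exact build boundary.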

In one instance, the threat actor is said to have weaponized the Sunlogin flaws to install a PowerShell script that, in turn, employs the BYOVD technique to incapacitate security software installed on the system and drop a reverse shell using Powercat.

The BYOVD method abuses a legitimate but vulnerable Windows driver, mhyprot2.sys, that’s signed with a valid certificate to gain elevated permissions and terminate antivirus processes.
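Because a BYOVD driver is validly signed, a "signed: yes" field on a driver-load event is not a discriminator; detection has to key on the driver's identity (name and hash) instead. The script below is an added example, not code from ASEC or from this article: it scans constructed driver-load records, loosely modelled on Sysmon's Event ID 6 (Driver loaded) fields, for mhyprot2.sys. The driver name comes from the article; the hash is a labelled placeholder and the log lines, hostnames and paths are constructed.

```python
# Added example (not from ASEC's report): flag loads of a known-abusable,
# validly signed driver such as mhyprot2.sys, which the article names.
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Known-abused drivers to alert on, keyed by lowercase filename.
# The hash value is a PLACEHOLDER; replace it with the real SHA-256 from
# your threat intelligence before using this in production.
ABUSED_DRIVERS = {
    "mhyprot2.sys": "PLACEHOLDER_SHA256_OF_MHYPROT2",
}


@dataclass
class DriverLoad:
    host: str
    image: str
    sha256: str
    signed: bool
    signature: str


# Constructed log format, modelled loosely on Sysmon Event ID 6 fields:
# host=<name> ImageLoaded=<path> Hashes=SHA256=<hex> Signed=<true|false> Signature=<signer>
LINE_RE = re.compile(
    r"^host=(?P<host>\S+)\s+"
    r"ImageLoaded=(?P<image>\S+)\s+"
    r"Hashes=SHA256=(?P<sha256>\S+)\s+"
    r"Signed=(?P<signed>true|false)\s+"
    r"Signature=(?P<sig>.*)$"
)


def parse_line(line: str) -> Optional[DriverLoad]:
    """Parse one record; return None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return DriverLoad(
        host=m.group("host"),
        image=m.group("image"),
        sha256=m.group("sha256"),
        signed=(m.group("signed") == "true"),
        signature=m.group("sig"),
    )


def is_abused_driver(ev: DriverLoad) -> bool:
    """Match on filename (case-insensitive) or hash, never on signature status."""
    name = ev.image.replace("\\", "/").rsplit("/", 1)[-1].lower()
    known_hashes = {h.lower() for h in ABUSED_DRIVERS.values()}
    return name in ABUSED_DRIVERS or ev.sha256.lower() in known_hashes


def find_byovd_loads(lines: Iterable[str]) -> List[DriverLoad]:
    """Return every parseable record that loaded a known-abused driver."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is not None and is_abused_driver(ev):
            hits.append(ev)
    return hits


# Constructed sample records (hostnames, paths and non-placeholder hashes are made up).
SAMPLE_LOG = [
    r"host=ws-finance-02 ImageLoaded=C:\Windows\System32\drivers\ndis.sys Hashes=SHA256=0000constructedhash0001 Signed=true Signature=Microsoft Windows",
    r"host=ws-finance-02 ImageLoaded=C:\Windows\Temp\mhyprot2.sys Hashes=SHA256=PLACEHOLDER_SHA256_OF_MHYPROT2 Signed=true Signature=valid vendor certificate (constructed)",
    r"host=srv-build-01 ImageLoaded=C:\Users\Public\MHYPROT2.SYS Hashes=SHA256=PLACEHOLDER_SHA256_OF_MHYPROT2 Signed=true Signature=valid vendor certificate (constructed)",
    "this line is malformed on purpose",
]

if __name__ == "__main__":
    for ev in find_byovd_loads(SAMPLE_LOG):
        print(f"ALERT {ev.host}: loaded known-abused driver {ev.image} (signed={ev.signed})")
```

Both hits in the sample carry `Signed=true`, which is exactly the BYOVD situation the article describes: the signature is genuine, so the driver-load path and identity are what the alert must rest on. In a real deployment the name list would be extended from a maintained vulnerable-driver feed and the placeholder hash replaced.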

It’s worth noting here that the anti-cheat driver for the Genshin Impact video game was previously utilized as a precursor to ransomware deployment, as disclosed by Trend Micro.

“It is unconfirmed whether it was done by the same threat actor, but after a few hours, a log shows that a Sliver backdoor was installed on the same system through a Sunlogin RCE vulnerability exploitation,” the researchers said.

The findings come as threat actors are adopting Sliver, a legitimate Go-based penetration testing tool, as an alternative to Cobalt Strike and Metasploit.

“Sliver offers the required step-by-step features like account information theft, internal network movement, and overtaking the internal network of companies, just like Cobalt Strike,” the researchers concluded.


(c) Ravie Lakshmanan
