An increasing number of threat actors have started relying on the command-and-control (C2) framework Sliver as an open-source alternative to tools such as Metasploit and Cobalt Strike.
Security researchers at Cybereason described the new phenomenon in an advisory published last Thursday, adding that Sliver is gaining popularity due to its modular capabilities (via Armory), cross-platform support and vast number of features.
“Sliver C2 is getting more and more traction since its release in 2020,” reads the report. “As of today, the number of threat intelligence reports is still low, and the main reports describe the use of the Russian SVR leveraging Sliver C2.”
In particular, the team said it has already observed Sliver in use in connection with known threat actors and malware families such as BumbleBee and APT29 (also known as Cozy Bear).