Threat Insight: Threat Actors Adopt Sliver C2

Sliver C2 is a legitimate software designed for offensive security teams to gain remote control over assets during security testing and assessments. As cyber defenders have increasingly improved detection of Cobalt Strike command and control deployments and beacons, threat actors have been seeking alternatives. Sliver C2 is increasing in popularity due to it being cross-platform in nature and an open-source alternative to Cobalt Strike and Metasploit. APT29, believed to have been associated with the Solar Storm breaches in 2021, along with TA551 and Exotic Lily have been observed using Sliver C2 for persistence after initial access is gained. We highly recommend that MSPs design detections and monitoring activities to search out Sliver C2 implants using the threat hunting guidance in the write-up.

Read more here: https://www.cybereason.com/blog/sliver-c2-leveraged-by-many-threat-actors

-Kaseya Threat Management Team